
XP Problems after Infection.


17 replies to this topic

#1 mrfingerz


Posted 12 December 2010 - 07:09 PM

Packard Bell Laptop EasyNote S4
Windows XP Service Pack 3

Hello :)

I have been receiving help with malware problems on my sons' laptop recently, topic http://www.bleepingcomputer.com/forums/topic357771.html

I have been advised to post here. The problems that still exist on it are as follows.....

System Restore can't be accessed, whenever you try to create a point, the computer tells you it can't and to reboot. If you look for points, it says there are none available.

The sound on the computer is affected, in that it seems stretched at times. I uninstalled the driver and reinstalled and it made no difference.

The CPU usage fluctuates particularly after boot, stays around maximum often, particularly after booting, there are only minimum programs running at startup.

Scrolling on the computer is poor, I uninstalled and reinstalled the synaptics driver and that hasn't helped.


Unfortunately, we have no windows cd for it, otherwise I'd have reformatted a while ago.


I'd be grateful if anybody has any ideas that haven't been tried, thanks in anticipation.


mrfingerz
It's nice to be important, it's much more important to be nice.



#2 Broni


Posted 12 December 2010 - 07:36 PM

Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")
- security programs in use (antivirus, firewall)

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 mrfingerz


Posted 12 December 2010 - 08:50 PM

Hi Broni,

Thanks for your swift response!

Processor Intel Pentium M 1.73 ghz, RAM 248mb, HD 38.7gb (29.5 free)

Avast Free AV, Sunbelt personal firewall, Sandboxie.

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 100.00 0 K 28 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0 K 56 K
smss.exe 1184 180 K 48 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 1244 1,836 K 2,324 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 1268 5,872 K 584 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 1312 1,764 K 1,540 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 1484 3,028 K 1,484 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
wmiprvse.exe 176 2,412 K 4,768 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 1572 1,716 K 1,296 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
SbieSvc.exe 1796 1,068 K 844 K Sandboxie Service SANDBOXIE L.T.D "C:\Program Files\Sandboxie\SbieSvc.exe"
svchost.exe 1808 12,224 K 8,340 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1892 2,396 K 88 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
AvastSvc.exe 812 12,128 K 24,564 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
spoolsv.exe 632 3,144 K 428 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
jqs.exe 468 2,224 K 1,396 K Java™ Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
SbPFLnch.exe 904 460 K 48 K Sunbelt Personal Firewall SbPFLnch Sunbelt Software, Inc. "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe"
SbPFSvc.exe 840 16,200 K 4,640 K Sunbelt Firewall Service Sunbelt Software, Inc. "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe"
SbPFCl.exe 1724 3,744 K 1,332 K Sunbelt Firewall GUI Sunbelt Software, Inc. "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe" -g 11
svchost.exe 1024 2,448 K 1,452 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
alg.exe 1824 1,120 K 256 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 1324 2,352 K 1,236 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 428 17,948 K 10,516 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
AvastUI.exe 2232 6,152 K 2,136 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
SynTPEnh.exe 2296 1,444 K 1,760 K Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
notepad.exe 3572 976 K 384 K Notepad Microsoft Corporation "C:\WINDOWS\system32\notepad.exe"
procexp.exe 3452 9,792 K 14,956 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Main\Desktop\procexp.exe"
SbieCtrl.exe 488 1,832 K 4,076 K Sandboxie Control SANDBOXIE L.T.D "C:\Program Files\Sandboxie\SbieCtrl.exe"



Regards

mrfingerz

#4 Broni


Posted 12 December 2010 - 09:21 PM

I don't see any high CPU usage.
In fact System Idle Process (CPU NOT used) is listed at 100.00%

You have very little of RAM. XP would run much better with at least 512MB of RAM.

Now, try to create new profile with administrator rights and see how it works out.



#5 mrfingerz


Posted 12 December 2010 - 10:17 PM

Pretty sure the ac I was on has admin rights. (Not on that computer at the moment)
Like I said, the cpu usage is very changeable though, I do appreciate the RAM is low.

Any thoughts on the other issues?

#6 Broni


Posted 12 December 2010 - 10:25 PM

"I do appreciate the RAM is low"

I meant, you have TOO little of RAM.

As for the other issue, we'll know more, when you create new account and see how it goes there.



#7 mrfingerz


Posted 12 December 2010 - 10:35 PM

Lol, yeah I know what you meant, ok I'll create a new profile on it and let you know the results.


Regards

mrfingerz

#8 mrfingerz


Posted 12 December 2010 - 11:19 PM

Hello,

I have created a new profile with admin rights. CPU isn't as changeable, sound still incorrect and still unable to create system restore point.

#9 Broni


Posted 12 December 2010 - 11:22 PM

I'd assume, your Windows installation must be seriously corrupted.
I'd suggest reinstalling Windows.
Recovery CD, or even borrowed Windows XP CD will do.



#10 mrfingerz


Posted 12 December 2010 - 11:31 PM

I have a recovery cd somewhere for a different computer that is running xp, would it be ok to use that?

#11 Broni


Posted 12 December 2010 - 11:35 PM

It won't work, unless it's exact computer brand and model.



#12 mrfingerz


Posted 12 December 2010 - 11:39 PM

Didn't think it would, unlikely I'm gonna be able to get hold of one for it I think. Thanks for your help.

#13 Broni


Posted 12 December 2010 - 11:42 PM

If it comes to the worst, you can always call Packard Bell and request a recovery CD. It shouldn't take more than 20-30 bucks.



#14 cryptodan


Posted 12 December 2010 - 11:46 PM

Well, if you have a few friends with computers you can see what OS they have, and if it's XP ask them to borrow their CD and you can perform one last thing and that is the following:

sfc /scannow

Information on System File Checker

Tutorial for SFC Written by another BC Advisor

You will need to get a hold of a Windows XP Installation CD to perform a reinstall anyways. You may be able to pick one up on eBay for cheap.

Windows XP OEM - 99 Bucks Buy it now.

Windows XP Pro SP3 56 Bucks Buy It Now

#15 mrfingerz


Posted 12 December 2010 - 11:46 PM

I had to get one from Packard Bell a few years ago, it was very expensive then, I'm in the U.K., maybe they are cheaper now. Hope so.
Thanks also cryptodan.

Edited by mrfingerz, 12 December 2010 - 11:51 PM.
