Computer very slow on Startup


  • This topic is locked
22 replies to this topic

#1 Fhallest

  • Members
  • 121 posts

Posted 06 September 2013 - 02:10 PM

I was recently receiving help in the "Am I infected? What do I do?" forum.

 

http://www.bleepingcomputer.com/forums/t/505055/computer-very-slow-on-startup/

 

I was referred here for help with an issue with start up and svhost running rampant on my computer.  Also when I try to open any program on my computer it will try to use Adobe instead of the native program.  Especially anything saved in the word format.  I do not know how this was changed but I hope someone can help me reverse what has been done to my computer.  I have successfully run the DDS program and attached the necessary log files to this message.  Thanks again for everything.

 

Randy

 

 

 

 


#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts

Posted 11 September 2013 - 02:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506957 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts

Posted 12 September 2013 - 10:23 AM

Hello, if you still need help, please post the requested logs.


regards, Elise



#4 nasdaq

  • Malware Response Team
  • 40,730 posts

Posted 12 September 2013 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 

I was referred here for help with an issue with start up and svhost running rampant on my computer. Also when I try to open any program on my computer it will try to use Adobe instead of the native program. Especially anything saved in the word format.


To restore the file association for many types of file download the appropriate file (fix) from this site.
http://dougknox.com/xp/file_assoc.htm

===

Your word document issue may be fixed by following the instructions on this page.
http://answers.yahoo.com/question/index?qid=20071206205713AAlMGCF

If you have any questions before proceeding please ask.

#5 nasdaq

Posted 14 September 2013 - 10:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 nasdaq

Posted 15 September 2013 - 08:35 AM

This topic has been re-opened at the request of the person who originally posted.

#7 Fhallest

Posted 15 September 2013 - 08:17 PM

Nasdaq,

 

I am not sure how to fix the problem with Adobe set as the default program for opening all files on my computer. I followed the link but the solutions did not work or I was doing something incorrect.  I also do not know what the second link is for on the reply or what you would like me to do next and should have just asked instead of trying to figure it out and taking so much time.

 

In addition, as stated in the other post linked above, I am still having trouble with svhost running for a long period of time when my computer starts up.  I can observe this happening when I use the Windows task manager to see what programs are running at startup.  This particular svhost.exe is listed as a system file but is the fifth svhost.exe file listed.  I also notice that I get from time to time my antivirus shutting down a svhost.exe that keeps trying to run on my computer. I have also noticed something constantly running on my hard drive that is not normal.  I hope this clarifies what I am having a problem with on my computer and why I would greatly appreciate your assistance in this matter.

 

Randy



#8 nasdaq

Posted 16 September 2013 - 08:41 AM

I am not sure how to fix the problem with adobe set as the default program for opening all files on my computer


Remove the Adobe reader using the Add/Remove programs.
Restart the computer normally to reset the registry.

====

To open a Word document try this.

Open Windows Explorer, navigate to a folder where you have Word documents.
Right click on one of the files and use the Open With function.
You should be able to select Word and the document will open.

Let me know if that works.

Edited by nasdaq, 16 September 2013 - 08:42 AM.


#9 Fhallest

Posted 17 September 2013 - 12:59 PM

Ok that worked for the word issue.  Can I reinstall Adobe Reader or is there another program to read pdf files?  I was wondering if you were going to help me with the svhost issue?  It will continue to run and prevent me from accessing the net and severely slow down my computer.  I was wondering why it is doing this and when I do not stop it all kinds of weird things happen with my computer.  I cannot get access to internet as browsers keep crashing, etc.  I was hoping you could help as I can see from the boards I am not the only one with this issue of late.

 

Randy



#10 nasdaq

Posted 17 September 2013 - 01:11 PM


Can you now run .exe, or .com programs?

Can I reinstall Adobe Reader or is there another program to read pdf files?


Get the latest version of the Adobe Reader from this site.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

I was wondering if you were going to help me with the svhost issue?

Is this service svhost or svrhost ?
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#11 Fhallest

Posted 17 September 2013 - 05:51 PM

Nasdaq,

 

I am sorry I got the name of what is running incorrect; it is scvhost.  I know this is a normal file but at times malicious software likes to pretend it's Halloween and dress up as this file.  I am pretty sure this is one of those uninvited guests crashing my party.

 

Thanks

 

Randy



#12 nasdaq

Posted 18 September 2013 - 08:49 AM

Can I see the log from the RogueKiller tool?

#13 Fhallest

Posted 19 September 2013 - 07:18 PM

Nasdaq,

 

Here is the report you requested.

 

 

 

 

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Randy Nettell [Admin rights]
Mode : Remove -- Date : 09/19/2013 18:14:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ SECU][PUM] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1  localhost
::1  localhost #[IPv6]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD2500JD-00HBC0 +++++
--- User ---
[MBR] a36facc4184c04444518933029517b78
[BSP] b7b5f98646fc96cc2f0e18ba8c79b12b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09192013_181416.txt >>
RKreport[0]_S_09192013_181242.txt


 



#14 nasdaq

Posted 20 September 2013 - 07:29 AM

Please run this tool. Post the log for my review.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
===

#15 Fhallest

Posted 21 September 2013 - 09:07 PM

Nasdaq,

 

 

I am not sure what you mean by post both logs.  Do you mean paste them in my next message?

 

Randy





