Posted (edited)

Hi

 

Yesterday, my pc started to run slow and today it is almost at a standstill. I have 2mb ram and over half of the space on hard drive is free. I also run AML registry cleaner on a regular basis and defrag once a week.

 

The problem seems to have started after I came off the internet and maybe it is down to malware?

 

I have spybot and Norton Antivirus but unable to run them cos pc is so slow. How slow?.. As an example, it has just taken 4/5mins to open Adobe Reader.

 

I am using another pc to post for obvious reasons.

 

Any help much appreciated

 

Rob

Edited by robgood
Posted

Hello Robgood, I think that your problems could be a result of running your freebie registry cleaner, and would advise that you uninstall the program. I am not an expert on the Windows registry, but can say that for the inexperienced, registry cleaners can cause the user more problems than they cure.

 

The problem seems to have started after I came off the internet and maybe it is down to malware?

 

The fact that you have stated that the problem started after a browsing session, also suggests that you have a mistrust of at least some of the sites visited. So you might well have been infected with malware. Please be careful of which sites you visit.

 

If need be, we'll move your thread over to the malware removal section. But for the time being please be patient until others with more knowledge post their thoughts on your problems.

I thought I knew today...I'll try again tomorrow. :)

 


Posted

Thanks for the response. The website that I visited was a forum, that I hadn't been to before.

 

Anyway, since my original post, I have started the pc in safe mode, deleted all temp, internet files and cookies. I am now running spybot, but no results so far. The pc runs fine in safe mode but still almost at a standstill in normal mode.

 

Rob

Posted

Hi rob,

 

Follow the steps below and let me have the reports, if it does seem related to malware we'll then move this thread.

 

Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

Step 3

  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png


    Now copy the lines in the codebox below.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL (if the reports are too big to post, add them as attachments.)

 

 

Thanks.

Member of:

UNITE

Posted

Steps 2 and 3 can be run in safe mode.

You should be able to download the programs using safe mode with networking.

But with MBAM, if it needs to reboot to finish off any cleaning, it'll have to reboot into normal mode.

Feel free to skip step 1 if you want, I can add that section to an OTL fix if it's needed.

Posted

I went into safe mode to run MBAM and after a few minutes, it shut itself down and rebooted into normal mode. I then tried to restart the pc in safe mode but for the last half hour, it does the following.

 

The pc boots to the screen where the small blue squares scroll across. Then after a minute or two it then goes to a screen with various options to start the pc. Clicking on any option makes no difference. It just starts over and returns to the same screen.

 

Hope this makes sense.

Rob

Posted

Will now move this thread to the malware forum.

 

Ok, there is a possibility that we can sort this, but it's not easy.

The short route is to use the OS disc to do a fresh reformat/reinstall.

But you would lose everything.

 

Or you can try this:

 

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

 

Please print this guide for future reference!

 

You will need a blank CD, a clean computer and a flash drive.

 

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

 

1. Download and Run Ultimate Boot CD for Windows

  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
     
NOTES:

  • Do not install to a folder with spaces in its name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
  • Builder
    • Source: (path to Windows installation files)
      • Enter the path to the drive where your XP CD is located.
      • You can click on the "..." button on the right to navigate to the path as well.
    • Custom: (include files and folders from this directory)
      • No information is necessary, leave blank.
    • Output: (C:\ubcd4win\BartPE)
      • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD

     

     

     

    Please note: If your XP install disc is SP1 then please .....

     

    • Disable- DComLaunch Service
    • Enable- LargeIDE Fix

    This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

     

    Also note: If you have a Dell XP install disc you will need to follow the instructions here

    UBCD for Windows

     

     

    3. Click on the "Build" button

    • You will see the Windows EULA message. Click on I Agree
    • You will now see the Build Screen. Let it run its course
    • When the Build is finished you can click close, then exit

     

     

    4. Burn your ISO file to CD

     

     

    Please see HERE on how to burn an ISO to CD.

     

     

    ==========

     

    Next........

     

    From your clean computer..

     

    Please download OTLPE.zip and save it to a flash drive.

    http://oldtimer.geekstogo.com/OTLPE.zip

    http://www.itxassociates.com/OT-Tools/OTLPE.zip

     

    Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

     

    ==========

     

    Plug your flash drive into your sick computer now and do as instructed below..

     

    ==========

     

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:
      http://img.photobucket.com/albums/v230/LittlBUGer/WinUBCD/Screens/3_0/Main.jpg

     

    ==========

     

    Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

     

    Open the OTLPE folder and double click Start.bat.

     

    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTLPE should now start.
       
      Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT

  • Push the Run Scan button.
  • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.

 

=========

 

In your next reply, please post:

 

* OTLPE.txt


Posted

I think I can live with losing what's on the pc. I have 2 pc's which are networked so all important data is on this one and not the sick one.

 

I'll just re-format and start again.

 

Many thanks for your help..much appreciated.

 

Rob

Posted

Ok rob,

 

It's obviously your choice.

If you need any further advice, you know where we are.

 

Safe surfing.
