Computer very slow

Computer slow and problems with IE which appears to be opening multiple pages of the same site when it gets slow.

XP Home, IE 8, Outpost Free Firewall, MS Security Essentials

I am attaching the logs as suggested.

Thank you

qim

Greeting.

In the logs there is no active malware.
Hosts file has been modified!

If you want we can reset hosts file to default.

Download the HostsXpert - Hosts File Manager.
http://www.funkytoad.com/download/HostsXpert.zip

Run the tool

Click on Make ReadOnly?
Click on Make Writable (if it is available)
Click on Restore MS Hosts File and then Ok

You may close the program.

Please do an extra check? If you wish…

  1. Gmer

Download GMER from the link below to the Desktop:
GMER download:
www2.gmer.net/download.php

Note: the file is randomly named

Double click to run GMER.

Wait until the introduction scan is complete. It will be over soon.

  • if any inquiry appears, click No;

    Then click Scan and wait until the scan is complete;
    Click Save

  • Save the report to your Desktop (called Gmer1);

    Right-click on the Gmer window and select Options> Only non MS files - click Scan;
    after a short scan, click Save

  • Save the report to your Desktop (called Gmer2);

    Click the button >>> and select Auto-start card;

    after a short scan, click Copy;

    Open Notepad and paste the copied text (Paste option) - save the report to the Desktop (named Gmer3);

Attach here Gmer1/2/3

  2. Combofix

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I agree
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Post the log report (ComboFix.txt) back to the topic.

Hi Magna86

I tried to run Gmer but the dreaded blue screen came in the middle of the scan. However, I think it may be due to overheating rather than a virus. I had this problem a few months ago in a hot country while running CPU intensive programmes. In any case before trying again I would appreciate your opinion.

The blue screen indicated DRIVER_IRQL_NOT_LESS_OR_EQUAL

It then showed a lot of code for STP, atapi.sys, address, base at, date stamp which I copied, if it is needed. It also wrote the memory dump.

Thanks for your help.

qim

BSOD occurs due to improper hardware or some driver in kernel mode.
A rootkit can also cause a BSOD if it is not properly written / loaded.

I was just interested in the GMER log, but it does not matter.

Do the Combofix scan.

Follow this one:
Please download BlueScreenView (choose the ZIP folder).

Extract the contents of the downloaded ZIP folder.
Double click on the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy the information (Edit > Select All, Edit > Copy) and paste it into your next reply.

Hi Magna86

I am concerned that if the computer crashes (blue screen) during the ComboFix, I will be in a lot of trouble. Is it recoverable if it happens? I have a lot of important material in the disk that I don’t want to lose.

qim

Hi Magna86

Tried Gmer again, putting a wire rack under the computer to keep it cooler, and managed to finish. I am attaching the log file, but could not follow the rest of your instructions as I do not see any of this:

Right-click on the Gmer window and select Options> Only non MS files - click Scan;
after a short scan, click Save …

  • Save the report to your Desktop (called Gmer2);

    Click the button >>> and select Auto-start card;

    after a short scan, click Copy;

I guess that I have the wrong version of Gmer.

qim

Sorry… I got it!

I am attaching the rest

Hi qim

I can't see active malware on your system.

"I am concerned that if the computer crashes (blue screen) during the ComboFix, I will be in a lot of trouble."
If a BSOD occurs, most likely the data will not be deleted. But there is always a risk.

This is the viruses and worms subforum, here to solve cases caused by malware.
Regardless, run the BlueScreenView tool and paste the log here so that I can see what caused the BSOD.

Except for the modified hosts file, I do not see malware.
If I could see the CF log then I could tell you that with certainty.

Slow computer does not always mean you’re infected with some malware.
http://www.bleepingcomputer.com/forums/topic87058.html

And run this tool also:

Download TFC to your desktop.

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn’t, manually reboot to ensure a complete clean.

Here is the BlueScreenView. I will try the ComboFix after hearing from you.

Thank you very much for your help, so far.

qim

BSOD reports random drivers… that is to say that the reason for the BSOD is probably hardware.
You need to test your hardware. Here is how, for a start.

Use memtest for testing your RAM memory
http://www.memtest86.com/

In the event that part of Errors occur in registers, RAM memory is damaged

example:

http://www.mycity.rs/imgs2/55259_86594877_memtestgreska.png

Use MHDD to test your HDD
http://hddguru.com/software/2005.10.02-MHDD/
Burn MHDD as an ISO on a CD. You may use this software.
http://www.ntfs.com/iso-burning.htm

Insert the disk and boot from the CD
When you upload files select 1
When the menu appears, choose the disk you’ll scan
Type Scan and hit Enter
In the next menu, click F4
Scanning will begin
If there are more than 3 entries in the section X UNC:
damage has occurred on your drive

Reset your BIOS & CMOS. Load setup defaults.

There is no need to run Combofix for now.

Hi

I did a memory test at the time of my last batch of blue screens (6 weeks ago?) and everything was fine. The disk with the prog is abroad.

Do you think I need to do it again?

Other than the memory is there anything else I could probe?

Thanks

qim

Last time I had a bout of recurring BSODs it turned out to be faulty RAM - but I seem to recall that while researching it I came across threads discussing failing hardware connected via usb ports as another possible cause (external HDDs, memory sticks etc).

Any usbs plugged into your machine at the time of the BSODs?

Just a thought.

Hi Mag

Other than the printer and the mouse, I did not have any yesterday. Somehow, I think they are due to overheating, which means I have to go down to the local garage to have some air blown through the vents…

It would be nice though to find out if there is something else, because the computer goes slowly quite often and that cannot be due to overheating (I think…)

qim

You could check what the temperatures are - one way is with speedfan - however I’m afraid I wouldn’t have any idea what would be considered too high.

Best wait for some more informed help from magna86

Hi

I use Core Temp and can watch what the temp is doing. Today during the Gmer scan it went up beyond 90º. That was with the laptop raised on a grid to let air underneath. Yesterday, without it, it probably went a bit higher and the system shut down creating the blue screen. That’s my guess, but I really do not know much about computers.

Thanks for the input

qim

It is necessary to find someone who understands the hardware, and he needs to remove the CPU and apply fresh thermal paste.
Also he needs to check the validity of the coolers and power supplies.

Thanks

If you don’t mind I would still like to see if there is some virus lurking in the background accounting for the slowness of the system. I will try to finish my academic work tomorrow or Monday and do the ComboFix, if you are still around. Ok?

Thank you very much

qim

I believe I will be online.
But I also believe that except for some junk files & some Windows settings CF will not find anything important.

The problem that you have is probably not caused by malware.

Hi Magna86

The system has virtually stopped now. I am going to run ComboFix but would feel happier if you told me before that you are there at this moment. Otherwise I will try it tomorrow.

Thanks

qim

Well, stayed up to 3 am (CET) and managed to regain some functionality in the computer. I checked a number of issues including drivers. I downloaded a free utility from www.driverupdate.net. It told me that all my drivers, etc, were up-to-date which is strange as I assumed they were not. Then, the system got even slower and I wonder if this site is genuine, or I simply downloaded a virus…

Anyway, later, two things happened: first I went into msconfig and disabled a number of services. Having hidden all MS services, I was surprised to see a Microsoft Antimalware Service from an ‘unknown’ source. In any case I disabled all that were ‘unknown’. As I restarted and tried, first unsuccessfully, Windows Update, when I managed to run it I got an update for Word 2003. I spent the day copying and pasting stuff from the Internet to a Word document. It is possible that this caused errors which were sent to MS and resulted in the update. I am not sure if the computer is now ok, but at least I can use it.

I would still like to run ComboFix, but would prefer to wait a couple of days or so until I finish the work I am doing now.

qim