Slow computer


Guest Bomb123

Hello. One of my friends complained about a slow computer: Pentium 4, 2.60 GHz, 2,00 GB of RAM, Windows XP Professional, ZoneAlarm Free and AntiVir Free. The computer has been scanned with many programs but no viruses have been found. Is there any way to make the computer work faster?


Guest Bomb123

The only strange things that I have noticed are the three folders on the hard disk, such as C:\b17e16173d8e6c9aab48 and two others with some numbers and letters. Two of the folders contain some .wdm files such as 594532B8-3387-40BB-81C5-F9A7C3EB7116mpasdlta.vdm, and at least one contains some service pack files from Microsoft or something like that.


  • Root Admin

My guess is ZoneAlarm is consuming way too many resources.

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures.
  • Once that's done, press the F5 key on your keyboard; this will start the scan again. This time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save, save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop, hover your mouse over Send To and select Compressed (zipped) Folder.
  • Attach the Autoruns.zip folder you just created to your next reply.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


Guest Bomb123

The computer is no longer running ZoneAlarm or AntiVir. Only Avast Free and Windows Firewall, after trying PC Tools free antivirus and losing the network connection when uninstalling it...

Here are the log files, I am also posting the NoVirusThanks ARK log...

DDS.zip

Attach.zip

AutoRuns.zip

==========================================================================================================================
NoVirusThanks Anti-Rootkit v1.1 (FREE EDITION)
Microsoft Windows Version 5.1 Build: 2600 Service Pack: 3
Detected CPUs: (2)
Scanning Commenced... 5.12.2010 12:10:59
==========================================================================================================================
>>>SSDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Shadow SDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Kernel Notify Routines<<<
==========================================================================================================================
CreateProcess: Address 0xB99F71F0 [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
Hidden Loaded Driver: False
==========================================================================================================================
>>>Processes<<<
==========================================================================================================================
0x8A87EA00 [4]SYSTEM
Suspicious: False
Hidden: False
0x8A53D9E0 [1088]C:\WINDOWS\system32\ati2evxx.exe
Suspicious: True
Hidden: False
0x8A607B18 [1800]C:\Program Files\Java\jre6\bin\jqs.exe
Suspicious: False
Hidden: False
0x8A4898C8 [932]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A50CA38 [2004]C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Suspicious: False
Hidden: False
0x8A4C7950 [1224]C:\WINDOWS\system32\spoolsv.exe
Suspicious: False
Hidden: False
0x8A505B18 [1760]C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Suspicious: False
Hidden: False
0x8A5BB910 [304]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A6A2728 [612]C:\WINDOWS\system32\services.exe
Suspicious: False
Hidden: False
0x8A51A030 [568]C:\WINDOWS\system32\winlogon.exe
Suspicious: False
Hidden: False
0x8A64F6A8 [380]C:\WINDOWS\system32\smss.exe
Suspicious: False
Hidden: False
0x8A5BCBC8 [440]C:\WINDOWS\system32\wdfmgr.exe
Suspicious: True
Hidden: False
0x8A4CD030 [536]C:\WINDOWS\system32\csrss.exe
Suspicious: False
Hidden: False
0x8A622378 [624]C:\WINDOWS\system32\lsass.exe
Suspicious: False
Hidden: False
0x8A4F2938 [1812]C:\Program Files\Messenger\msmsgs.exe
Suspicious: False
Hidden: False
0x8A521030 [792]C:\WINDOWS\system32\ati2evxx.exe
Suspicious: True
Hidden: False
0x8A2FF770 [1608]C:\Program Files\NoVirusThanks\Anti-Rootkit (Free Edition)\NVTArk.exe
Suspicious: False
Hidden: False
0x8A606390 [812]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A5015B8 [872]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A2EFBE0 [980]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A651BC0 [1388]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8A5A4628 [1484]C:\WINDOWS\system32\alg.exe
Suspicious: False
Hidden: False
0x8A607888 [1536]C:\WINDOWS\explorer.exe
Suspicious: False
Hidden: False
0x8A608440 [1528]C:\WINDOWS\system32\wbem\wmiprvse.exe
Suspicious: False
Hidden: False
0x8A5A6478 [1756]C:\WINDOWS\system32\wscntfy.exe
Suspicious: False
Hidden: False
==========================================================================================================================
>>>SYSENTER<<<
==========================================================================================================================
CPU #0 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False
CPU #1 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False
==========================================================================================================================
>>>Drivers<<<
==========================================================================================================================
==========================================================================================================================
>>>IDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Windows Message Hooks<<<
==========================================================================================================================
Process: [1088]ati2evxx.exe
Type: WH_KEYBOARD_LL
Address: 0x00002EC0
TID: 1092
Hook Module: ati2evxx.exe
==========================================================================================================================
>>>BHOs<<<
==========================================================================================================================
Key Name: {53707962-6F74-2D53-2644-206D7942484F}
Module: C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection)
Key Name: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Module: C:\Program Files\Java\jre6\bin\jp2ssv.dll (Java Platform SE binary)
Key Name: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Module: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Java Quick Starter binary)
==========================================================================================================================
>>>AppInit_DLLs<<<
==========================================================================================================================
==========================================================================================================================
>>>IRP Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring0 Export Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring3 Export Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Locked System Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Locked Generic Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Master Boot Record (MBR)<<<
==========================================================================================================================
Master Boot Record (MBR) appears to be Ok...
==========================================================================================================================
Scan Complete... 5.12.2010 12:14:15
==========================================================================================================================

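A small parser for the anti-rootkit log format posted above, as an added example that is not part of the original thread and is not NoVirusThanks code. It pairs each process the tool marked Suspicious or Hidden with any Windows message hooks that process holds, so flagged entries can be reviewed in a sensible order; the names `triage`, `review_queue` and `SAMPLE_LOG` are made up for this illustration, and the sample is a constructed excerpt of the posted entries.

```python
import re

# Constructed excerpt: entries copied from the log posted above, separators omitted.
SAMPLE_LOG = r"""
>>>Processes<<<
0x8A87EA00 [4]SYSTEM
Suspicious: False
Hidden: False
0x8A53D9E0 [1088]C:\WINDOWS\system32\ati2evxx.exe
Suspicious: True
Hidden: False
0x8A5BCBC8 [440]C:\WINDOWS\system32\wdfmgr.exe
Suspicious: True
Hidden: False
>>>Windows Message Hooks<<<
Process: [1088]ati2evxx.exe
Type: WH_KEYBOARD_LL
"""

SECTION = re.compile(r"^>>>(.+?)<<<$")
PROC = re.compile(r"^0x[0-9A-Fa-f]{8} \[(\d+)\](.+)$")
HOOK_PROC = re.compile(r"^Process: \[(\d+)\]")

def triage(log_text):
    """Parse the Processes and Windows Message Hooks sections into {pid: info}."""
    procs, section, cur, hook_pid = {}, None, None, None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line or set(line) == {"="}:
            continue  # blank lines and ==== separators carry no data
        if m := SECTION.match(line):
            section, cur, hook_pid = m.group(1), None, None
        elif section == "Processes":
            if m := PROC.match(line):
                cur = procs.setdefault(int(m.group(1)), {
                    "path": m.group(2), "suspicious": False, "hidden": False, "hooks": []})
            elif cur is not None and line.startswith(("Suspicious:", "Hidden:")):
                key, val = line.split(":", 1)
                cur[key.lower()] = val.strip() == "True"
        elif section == "Windows Message Hooks":
            if m := HOOK_PROC.match(line):
                hook_pid = int(m.group(1))
            elif line.startswith("Type:") and hook_pid in procs:
                procs[hook_pid]["hooks"].append(line.split(":", 1)[1].strip())
    return procs

def review_queue(procs):
    """PIDs the tool flagged Suspicious or Hidden; those holding hooks sort first."""
    flagged = [p for p, d in procs.items() if d["suspicious"] or d["hidden"]]
    return sorted(flagged, key=lambda p: (not procs[p]["hooks"], p))
```

The tool's Suspicious flag is a heuristic, so each queued entry still needs its file path, code signature and vendor checked before drawing a conclusion.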

Guest Bomb123

So basically what the PC Tools free antivirus did when I uninstalled it was that it did not restore the Winsock LSP to its original state, so the internet connection broke... So I took a weird way to fix the problem because I did not have LSPFix saved on my computer. Basically I copied the mswsock.dll from the windows/system32 directory to the C:\Program Files\Common Files\PC Tools\Lsp\ directory and then renamed it to PCTlsp.dll, and then the internet connection started working again...

Also, when I scanned the computer with Dr.Web CureIt while I was using the PC Tools free antivirus, it reported the update service of the PC Tools antivirus to be malicious, although it was a heuristic detection...

http://www.virustotal.com/file-scan/report...da8a-1291543064

:(


Guest Bomb123

Here is a picture of the ATI bug in this computer...

picturemg.jpg

So there are two of those ATI pictures in the taskbar and the other goes away when I move the mouse arrow over it...

In the anti-rootkit log it says that it is suspicious...

0x8A53D9E0 [1088]C:\WINDOWS\system32\ati2evxx.exe

Suspicious: True

Hidden: False


  • Root Admin

The computer logs seem to indicate that the system may be infected. You should follow the advice below.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
