Computer is taking pauses

August 12, 2009 at 17:58:56
Specs: Windows XP, Pentium4 2.80GHz, 512 Ram
My computer is running in strange pastterns. While browsing or typing it takes pauses of up to a minute. The flashing line while typing is flickering irregularly, the writing of the desktop items appears faint and fuzzy, general browsing is quite slow, even for the computer specs it comes up with the torch to find where to look. It's all weird and i'm not sure how to tackle it. I have the AVG Free version installed. Any ideas anyone? Is that a familiar pattern for a virus attack or similar?

See More: Computer is taking pauses

Report •


#1
August 13, 2009 at 07:02:38
Follow:
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#2
August 14, 2009 at 04:16:32
Thank you so much for your reply.
I ran the malwarebyte full scan - it detected a fair bit. All has been fixed succesfully. The symptoms seem to be the same though. Same pauses and same slow speed of the browsing. Also affects the speed of opening the controlpanel, and populating other pages. The writing of the desktop items is normal by the way - that was my mistake as i had changed the wallpaper background.
I will now run the second scan.

Here the log of the malwarebyte scan:

Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 5.1.2600 Service Pack 3

14/08/2009 8:33:55 PM
mbam-log-2009-08-14 (20-33-55).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 168994
Time elapsed: 1 hour(s), 23 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36a91cec-6c71-4758-b492-397bfc8e96a2} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nlF54mb5.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.


Report •

#3
August 14, 2009 at 06:29:06
The second scan doesn't seem to offer a summary log. It found 17 cookies and an entry called Adware.AdRotator/RightOnz. All of them are in quarantine. The problems are still there though.
I guess the problems couldn't be related to my newly installed wireless mouse and keyboard? Just checking because when the computer takes a pause while typing i have to move the mouse to get out of pause....


Report •

Related Solutions

#4
August 14, 2009 at 07:06:48
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connected to internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

In your next reply, please include download links to the following:
[*] virusinfo_syscure.zip
[*] DDS Logs

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#5
August 14, 2009 at 08:58:48
Thanks again for helping out. Here are the three links and file codes:
http://rapidshare.com/files/2673448...
MD5: D06F2EC3B885DED7D7984F3EFB9D4808

http://rapidshare.com/files/2673440...
MD5: FCAEC812FB2215F4B5F54C19E793A0E4

http://rapidshare.com/files/2673445...
MD5: 4150AF268729F40265C2672407085FE0


Report •

#6
August 14, 2009 at 10:37:38
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\\SystemRoot\System32\DRIVERS\sr.sys','');
 QuarantineFile('C:\WINDOWS\System32\DRIVERS\sr.sys','');
 QuarantineFile('C:\WINDOWS\system32\eoyUbqPd.exe','');
 QuarantineFile('C:\WINDOWS\system32\nlF54mb5.exe','');
 DeleteFile('C:\WINDOWS\system32\nlF54mb5.exe');
 DeleteFile('C:\WINDOWS\system32\eoyUbqPd.exe');
 DeleteFileMask('C:\Windows\tasks\','At*.job',false);
 BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link.

3) Start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip. Upload virusinfo_syscheck.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

In your next reply, please include download links to the following:
[*] virusinfo_syscheck.zip

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#7
August 15, 2009 at 01:37:29
Hi again and thank you for the ongoing support. The computer is running a bit better by now - the pauses mainly occur when typing messages, but browsing is pretty much normal. Just the computer start up is extremely slow.

Here the requested link to the scan under point 3:

http://rapidshare.com/files/2675801...
MD5: 0C51D5836DD8EEFB40D012E121C98B03

I also sent you the requested PM.
Many thanks....


Report •

#8
Report •

#9
August 15, 2009 at 09:06:28
Hi again!
I ran the scan - 1 infection and 1 problem were identified and fixed. Also cleaned up the registry and disc.

Report •

#10
August 15, 2009 at 09:55:22
How is system running now? What did it find for infection?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#11
August 15, 2009 at 17:02:50
I couldn't see a log anywhere that would specify what exactly was identified. The fix for the two problems was done automatically.
When I started up after the scan, the Hardward wizard popped up and told me that it found some new unknown hardware. It is unable to find the software for it. The only thing I can think of is the sound card. The computer lost all sound almost a year ago. I just assumed that the card was broken, but maybe it was part of an infestation with something?
The start-up is still quite slow but better. The pauses seem to have disappeared. I could type this message without interruption so far, which would have been impossible before. As I mentioned, browsing seems to be back to normal as well. So the improvement is remarkable and I am more than greatful for that.
The question is, which of the scans and software I have to remove again now. As you probably saw there is even stuff left from a problem I had a long time ago - like hijack this, cc cleaner and superspywareblaster. These were installed when I was guided through the problem in this forum.
There are also still parts of limewirevisible when I press on start which is a software I removed a long time ago. I am not sure whether it is still sitting in the registry or something.

During the last paragraph I had a short pause again but as soon as I klicked in the message box the typing worked again.

The final question would be how to run the computer to avoid those infestations in the furture. AVG free was obviously bypassed. Any suggestions?

Appreciating all your help.


Report •

#12
August 16, 2009 at 16:16:06
I have to say that after a day of not using the computer, the pauses are now back just as badly as they occured in the beginning. They come frequently and are longer.
Maybe its time to chuck the stupid thing out!?

Report •

#13
August 16, 2009 at 17:18:09
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#14
August 16, 2009 at 18:21:32
Sorry, I think the computer is in meltdown. The pauses are so long and often that it is almost unusable.
When i click on the download link it just shows me briefly the frame for a new window but then doesn't start the download.
The toolbar with favourites tools and so forth has disappeared.
In the taskbar the explorer window is a blank blue not showing what it is.

Report •

#15
August 16, 2009 at 18:33:54
Do you have your windows discs? If you do try: http://www.updatexp.com/scannow-sfc... You seemed to cache something rare on your machine.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#16
August 16, 2009 at 20:04:49
Okay, after installing the windows updates and Explorer 8 I am able to open windows again. The toolbars are back and the websites are stated in the taskbar.
I have downloaded the sscan but I have to admit that I am not sure which software I have to disable to run it. There have been so many downloads of scans that I don't know which ones are still running in the background.
I disabled the AVG 8.5 following your link to the other forum.

Report •

#17
August 18, 2009 at 00:13:43
Alright, I went through a few dramas. After running the scan the first time I was not sure whether it was completed - the computer was idle for over an hour so I had to turn it off and re boot. The computer ran fine for over an hour but then had samll pauses again. I emptied the cache which seemed to make it run properly again.I then ran the scan again to make sure it was done properly. After the second scan my internet connection had lost all data, so I restored back to the system from two days ago. Then downloaded the scan again and ran it now. So here is the link to the log file:

http://rapidshare.com/files/2686421...
MD5: 9F02DD86EE150882785B032E0D1ECD67


Report •

#18
August 18, 2009 at 12:56:31
Uninstall Combofix by: pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok.

How is your system running i don't think its malware related problem.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#19
August 18, 2009 at 14:54:51
I uninstalled Combofix.
The system is running better, but I still get those pauses at times. Just short ones and mainly while typing.
Maybe I will return my wireless keyboard and mouse and try cabled ones.
On starting up the computer still gives me the message that it picked up new hardware but then is unable to locate any software for it. I have no clue what it is picking up.
Should I uninstall all scans I got during the clean up. Especially SuperAntiSpyware seems to be running in the background and I wonder whether it might be the cause for the start up taking very long - almost 3 minutes.

Report •

#20
August 18, 2009 at 17:31:26
Yes you can uninstall all the tools. In addition run full scan with: http://onecare.live.com/site/en-Us/...

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#21
August 19, 2009 at 06:41:49
I ran the scan and there were no infections found. Just a few registry items have been removed.
After using a cable keyboard and mouse the pauses have stopped.
Just the start-up is still long but the rest runs normally now.

Thank you again for all your assistance...it is very much appreciated.


Report •


Ask Question