Solved

Computer Deathly Slow, FF Code on Soya Tech Aid

Posted on 2008-10-06
Last Modified: 2012-05-05
I have a customer's computer that wouldn't boot.... Video error. Finally got to boot safe mode. Uninstalled onboard video, rebooted, took over an hour to load Windows, I ran malware and found 326 objects. Reboot was no better. Plugged in Soya Tech Aid, FF code came up suggesting CPU, BIOS, Mboard. Tried swapping out CPU, no better. Power Supply, same results? It's booting now, I'm thinking Spyware, Virus or could it be the BIOS, Mboard etc?
Question by:Munchkin120
27 Comments
 
LVL 27

Accepted Solution

by:David-Howard
David-Howard earned 250 total points
From what you've stated my first guess is that the system is still infected.
You mentioned that you "Loaded" windows. Was this a clean install or a Repair?
Unless it was a clean install there may still be viruses or malware on the system.
Have you run your anti-malware/anti-spyware utilities in Safe Mode? Many pieces of rogue code can survive scanning unless it's in Safe Mode.
I don't know which anti-malware suites you have but I would recommend downloading, updating and then running Malwarebytes in Safe Mode.
It's free and you can get it from www.malwarebytes.org
You might also run HiJackThis and either post the log file here for analysis or post it at www.hijackthis.de
You can get hijackthis from:
http://www.merijn.org/programs.php
David

Author Comment

by:Munchkin120
What I meant was that after reboot, it took Windows over an hour to fully boot. I will try to boot in safe mode w/networking and update the Malwarebytes program and run that again. Like I said it takes hours to get anything done, I will post back when tasks get completed....please have patience.

  Thanks :-)
Mike M

Author Comment

by:Munchkin120
I have updated and reran Malwarebytes... See attached file and note that it took 9 hours + to run. I have taken the drive out and am rescanning for viruses. While in down mode, I'm going to put the 3.0 CPU back in, seeing that the 2.0 did not make any difference...only slower.

 * Mike *
mbam-log-2008-10-07--10-27-10-.txt

Author Comment

by:Munchkin120
Since last post I have reinstalled the 3.0 processor and rescanned the drive for viruses = none found.
I ran ComboFix and have attached the log file from that. I think it had a newer version and I probably should have run that in safe mode? I am rebooting at the moment and will attempt to run HijackThis and post back the results.
Will keep you posted.... any other suggestions ?
   * Mike M *
combolog.txt

Author Comment

by:Munchkin120
I'm back with a HiJackThis log. The computer is still extremely slow but at least it is still moving.

   * Mike *
hijackthis.log

LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 250 total points
While David-Howard is attending to other business I've analysed your HiJackThis logfile.  It now looks pretty clean except for the following files and registry entries, which are marked as "unknown". Currently the HijackThis Log Analyzer cannot provide required information on these items but if you can confirm that they are familiar, that's ok.
However, HijackThis will not necessarily detect some rootkits, & as the machine was so heavily infected you may like to run ComboFix.

O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - Global Startup: Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe
C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe

Here you can download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

ComboFix does present a slight risk to your system, but it's worth considering especially as HijackThis found nothing more & you were quite heavily infected.
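The "unknown" entries in the answer above are HijackThis autostart lines. As an added example (not part of the original thread and not HijackThis's own code), this Python parser splits such lines into location, name, executable path and arguments, then lists the entries a technician still has to confirm. The `REVIEWED` baseline, the last three sample lines and the `O2 - BHO:` line are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample log. The first two lines are the entries quoted in the
# answer above; the others are made up in the same HijackThis line format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - Global Startup: Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updchk] "C:\Documents and Settings\user\Local Settings\Temp\updchk.exe" -s
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll (file missing)
"""

# Hypothetical baseline: executables the technician has already confirmed.
REVIEWED = {"ctfmon.exe", "dymolaunch.exe"}

PATTERNS = [
    ("run", re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")),
    ("startup", re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")),
    ("bho", re.compile(r"^O2 - (?P<loc>BHO): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")),
]
# Paths are often unquoted and contain spaces, so cut at the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr))"?(?:\s|$)', re.I)
MISSING = "(file missing)"


def parse_line(line):
    """Return a dict for an autostart line, or None for any other line."""
    for kind, pattern in PATTERNS:
        m = pattern.match(line.strip())
        if m:
            cmd = m["cmd"].strip()
            missing = cmd.endswith(MISSING)
            if missing:
                cmd = cmd[: -len(MISSING)].rstrip()
            exe = EXE_RE.match(cmd)
            return {"kind": kind, "where": m["loc"], "name": m["name"],
                    "path": exe["path"] if exe else cmd,
                    "args": cmd[exe.end():].strip() if exe else "",
                    "missing": missing}
    return None


def triage(log_text, reviewed=REVIEWED):
    """Return (flags, entry) pairs for entries that still need a decision."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        flags = ["file-missing"] if entry["missing"] else []
        if basename(entry["path"]).lower() not in reviewed:
            flags.append("unreviewed")
        if flags:
            findings.append((flags, entry))
    return findings
```

Call `triage()` on the text of a saved log; each finding carries its flags and the parsed entry, so the same baseline can be reused on the next log from that machine.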


LVL 27

Expert Comment

by:Jonvee
If the 'cleanup' doesn't fix things there are numerous ideas to try in these next 2 threads, although personally I would resist using any Registry cleaner unless you feel absolutely necessary>

"Windows XP Performance":
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23781010.html#a22622838

Windows XP Performance:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23781010.html#a22622838

LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 250 total points
Sorry about the duplication, it was meant to include these ideas >
"My computer is too slow!" and other gripes.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q__23444768.html

"Windows XP Performance":
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23781010.html#a22622838
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23781010.html

and ...
"Restore Your Computer's Performance with Windows XP":
http://www.microsoft.com/windowsxp/using/setup/expert/northrup_restoreperf.mspx

You may also like to study this article>
"DMA reverts to PIO":
http://winhlp.com/node/10

Author Comment

by:Munchkin120
Hi Jonvee,

Look at my previous posts and see that I have a ComboFix log file just before I ran HiJackThis. It warned me it was outdated & I did not disable the Anti-Virus. Should that be run in safe mode? I don't remember what the exact runtime was, but everything on this machine takes hours to do. The CPU is forever maxed at 100 percent, Taskmngr using most of it when open. I will run the latest ComboFix file this time and then rerun HiJackThis and repost the results.

Will let you know
 * Thanks Mike *

LVL 27

Expert Comment

by:Jonvee
Mike,
Ok, and in reply ..
ComboFix works best in normal mode, but occasionally when only Safe mode is available, it can be run from there.
Yes, you should disable all running antivirus and antiMalware before running Combo.

You should find this article useful>  
A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Incidentally when you have finally completed, it would be wise to uninstall ComboFix as follows >
Start > Run > then type "ComboFix /u" (with no quotes, and space between x and / )
Then hit enter.  This will uninstall ComboFix, reset your clock settings, re-hide system hidden files, re-hide the file extensions and reset System Restore.

LVL 27

Expert Comment

by:Jonvee
Located this thread earlier, with useful comments by rpggamergirl and Delphineous>
Should I run ComboFix?
http://www.experts-exchange.com/Software/Internet_Email/Spy_Ad_Blockers/HijackThis/Q_23574924.html

LVL 27

Expert Comment

by:Jonvee
A few more ideas as a parting shot tonight ... could it be HD failure is imminent?   If the machine is not too slow you could run the appropriate diagnostic  >

"Hard Drive Diagnostics Tools and Utilities":
http://tacktech.com/display.cfm?ttid=287


Or check this thread .. see Merete's comments>
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22968246.html#a20306935

and ...
High CPU Usage:
http://kadaitcha.cx/high_cpu.html

So suggest you run Process Explorer version 11.13:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
Double click the offending file. If it is a svchost.exe, then Select the Services Tab.
You can see what services are in that svchost.exe.  
Then Select the Threads tab, and see what .exe or .dll is using the CPU.  You can select it by double clicking it.  

LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 250 total points
Sorry for being away so long. Work overtook me. Great suggestions from above.
At this point I agree with one of the posts that include a Repair. That's assuming that the system isn't infected. Which, if it was the utilities that you've run should have revealed that by now.
You might also try SFC SCANNOW. This will detect any system files that have been modified and replace them with the original version(s).
You might also try the utility listed in this link.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
While Task Manager can tell you which processes are running and using the most of your CPU time, sysinternals tells you which services may be running and not showing up in Task Manager.



Author Comment

by:Munchkin120
I think you are right about services running and not showing in Task Manager. The machine is responding a lot better but the CPU is still maxed at 100. Of course right now is updating to SP3, might take a while. I put another 512mb memory in this morning, making 1.5 total to get as much performance as I can.
   Once the update is in I will try the sysinternals link to see what is running behind the scenes. This should not be running 100 percent forever.
  The machine is running XP Pro so if I run SFC SCANNOW could I use any XP disk for files? They do not have the original.
   Thank You
 * Mike  *

Author Comment

by:Munchkin120
Not a good choice to update to SP3, I knew it would take a while but 12-14 hours? Not really sure, I went to bed. It did update successfully, but did nothing for it. I did some research on above post and going to put in another drive and do a clean install of XP.

That's all for now!
 * Mike *

LVL 27

Expert Comment

by:Jonvee
Ok .. thanks for the update .. will drop by tomorrow ...

Author Comment

by:Munchkin120
Another Hard Drive, new cable and system is still extremely slow just to boot CD for install. I'm thinking BIOS is corrupt or something bad on motherboard. Will attempt BIOS update or just swap out MB if I have something compatible. Just very frustrating at this point, nothing seems to move faster than a snail's pace?

   * Mike *

LVL 27

Expert Comment

by:Jonvee
If you're near the mobo you could check for any signs of swollen or leaking capacitors.
Also, if practical, you may want to try replacing the PSU for a new, or an even higher capacity.

Check for bad Capacitors>
http://www.badcaps.net
http://www.badcaps.net/pages.php?vid=5

LVL 27

Expert Comment

by:Jonvee
Why a computer may use PIO instead of DMA.  Its operation could then become quite sluggish:    Possible causes for falling back to PIO mode

Full explanation>
"DMA reverts to PIO":
http://winhlp.com/node/10

If still unresolved maybe an idea here>
"XP Performance":
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23781010.html#a22622838

LVL 27

Expert Comment

by:Jonvee
>instead of DMA<
should read ...
>Why a computer may use PIO instead of DMA<

Author Comment

by:Munchkin120
Hi Jonvee,

I have looked the board over and see nothing suspicious. On my original post I stated I swapped for new PSU, same size though, 400w. I'm going to attempt to update the BIOS or swap out MBoard if I have one here.

  Will keep posting on any progress
  Thanks

Author Comment

by:Munchkin120
I went to msconfig and set it for diagnostic mode, didn't help. Changed it back after shutting useless stuff off. Read Jonvee's post about PIO vs DMA. Got into BIOS and went through everything. Must have changed or reset something, don't remember, will go back and just (look). Went to Biostar site and downloaded the BIOS update and utility program and was going to try that today.
I first booted to SAFE mode and it was fine, fast even. No CPU usage. Rebooted NORMAL mode and just as fast!!! Taskmgr was registering 48% before, 2% now. I just ran Malwarebytes, 32 mins as opposed to like 9 hours before.

Going to uninstall Malwarebytes, then run ComboFix and HiJackThis again and repost.

Glad to be UP & RUNNING again
 * Mike *

Author Comment

by:Munchkin120
What a difference. I ran ComboFix, I got ahead of myself and didn't see that E-Trust was still running. There was no tray Icon and thought I had shut it off in msconfig. Other than that it ran great.
Then I uninstalled that with "ComboFix /U" and ran HiJackThis. Both log files are attached.

I'm going to "view" the BIOS to see if I can remember what I changed. I'm not going to update it at this point. My motto is: "if it works don't fix it". Then will go back to "msconfig" and enable some useful programs (one at a time) to see if it's in there.

Any other Ideas?
Thank YOU ALL so much
   * Mike *
ComboFix.txt
hijackthis.log

LVL 27

Expert Comment

by:Jonvee
Ok, good.  Well, HijackThis log  looks clean.
This deactivated entry can be fixed by HijackThis, but if left alone is not doing any harm>
BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

The ComboFix log, apart from being unusually lonngggg, mentions the deletion of C:\test.txt but otherwise appears ok.

No other ideas at this time ..

Author Comment

by:Munchkin120
First of all I would like to THANK David-Howard & Jonvee for their help, suggestions, & time.  I know it has been a very long SLOW haha week. The computer is back at the company running fine with all their programs, files intact. I could not tell them exactly what was wrong, only that it was swamped with malware and possible BIOS problem. I believe it was a setting change in the BIOS that brought it out of its coma.

I am still studying some of the great links & articles that you have sent me to. I will close this question and will attempt to split the points between you.

 Thanks Again,
  * Mike M *

Author Closing Comment

by:Munchkin120
Was the Solution Complete/Accurate? I put a yes to these because the computer is back to normal. The solution Easy to understand? I put No because I think it was both the Malware crap and the Bios settings that crippled the machine. Those are my thoughts? Who really knows?

LVL 27

Expert Comment

by:Jonvee
Thanks Mike for the excellent report with regular updates on progress, it always helps us considerably!  
I would agree with your thoughts on Malware & Bios (or both?) as the cause, but would not go further.  
This thread may have been long, but quite intensive & challenging at times.
Thank you.
Jonvee