your computer is working slowly

Posted on 2008-10-07
Last Modified: 2012-05-05
Attachment to email was opened (not by me) called SInce then I have been getting popups from the system tray saying various things such as 'your computer is working slowly' and 'Your computer is infected with spyware'. I can't run Smitfraudfix cause it gets hung up trying to clean temporary files because it's been accessed by another process. Malwarebytes anti malware also fails towards the end with windows crash message box send dont send blah blah.
Question by:Paulduberry
  • 5
  • 5
LVL 47

Assisted Solution

rpggamergirl earned 250 total points
ID: 22659336
Try SDFix, (works only in Safe Mode)

Download SDFix and save it to your desktop.(either one below)

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.
*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and attach the "Report.txt" back  
If SDFix also won't complete its run, try Combofix.

Please download ComboFix from either of these links to your Desktop.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. *
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* The link below is a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please attach the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.


Expert Comment

ID: 22659530
In order to try to fix this you need to stop the service its using from starting up.
use msconfig to stop everything that you dont recodnise.
then disable system restore.
If you get any pop ups then just leave them alone for now. Dont even close them.
Clicking on these even trying to close it could cause the infection to exicute.
Down load spybot and once its up to date run it.
this should remove the issue you are having.
also run your AV. If youre having probs with your av then download and run AVG free.

Author Comment

ID: 22659567
Ran SDFix. Hasn't fixed the problem. Should I now run ComboFix? Also, the desktop has changed. JPEG and report.txt attached.
Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

LVL 47

Expert Comment

ID: 22659934

HKLM\SYSTEM\CurrentControlSet\Services\psyche <-- rootkit scanner found this service

SystemRoot%\System32\psyche.exe <--and this suspicious file, can you submit this for virus check at

Can you also show us a Hijackthis log please?
Download Hijackthis:

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.

Author Comment

ID: 22660034
HJT log attached. Psyche.exe no longer in system32 folder.
LVL 47

Expert Comment

ID: 22660172

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getsn32.msiesn - {67FE3EFE-2915-4D08-8AF9-21723C19B0E4} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fix the above entries in Hijackthis.

C:\WINDOWS\system32\uesiuqcr.exe <-- delete this file.
If problem persists run Combofix.

Accepted Solution

Paulduberry earned 0 total points
ID: 22660891
Problem persisted. Ran ComboFix in Windows regular mode. Report attached. I'm happy. Another job well done. Thanks for coming to the rescue again.
LVL 47

Expert Comment

ID: 22664682

Thanks for the log.

I see combofix is not running from the desktop, it's recommended to be run from the desktop.

This entry below is still showing in the combofix log;
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,

C:\WINDOWS\system32\psyche.exe <-- this file is still present in the system as showing in the CF Gmer's log.

I'm not sure about that file that's why I asked to have it scanned. The file is hidden so you would've to show hidden files first to see it.
OR, You can just have combofix delete that file and the service.

Run combofix again using this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:

3. Save the above as CFScript.txt on your desktop(in the same location as combofix.exe).
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

Since your combofix is not running from your desktop, CFScript must also be put where you put combofix.exe for the script to work.



Author Comment

ID: 22676112
I had hidden files showing but still couldn;t find psyche.exe. I saw the entry for C:\WINDOWS\system32\uesiuqcr.exe and removed it from hjt . Not showing up now. I did this before your latest reply. The system has been returned to the user now so I can't do any more work on it easily. I realised afterwards that I ihad executed CombFix from my memory stick. I think everything is all right and again many thanks for your help.

Author Comment

ID: 22685559
I don't know if there is a problem. I want rpggamergirl  to get the 250 points. rpggamergirl, did you get the points or not?
LVL 47

Expert Comment

ID: 22696797
Yes, I got the points thanks. There's always that pending 4-day period (for objections) when you close a question this way.
Now, it's finally closed.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
virus issue 6 73
free antivirus program for windows 8 10 98
Virus or Ransom ware 6 403
.XTBL Ramsomware 2 184
INTRODUCTION "Virut" is a nasty, polymorphic file infector, and it infects every executable and screensaver file on access.  Some variant also infects .htm, html, .rar and .zip archives, and latest variants infects php and asp.  It patches system…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question