Computer is slower than watching paint dry

[denine]

My computer has been acting really naughty lately. I think I might have gotten a virus or malware on my computer.

I have run the 8 steps and posted the logs as requested. Norton and Defender came up with nothing wrong.

I am also having a problem with my audio - I tried to use Skype the other day and it says I have no audio. I attached my DxDiag Notes.

Any help is most appreciated,
denine

 

[Bobbye]

The Malwarebytes logs shows No action taken. This means that you didn't check the line to remove the malware. Please UPDATE and rescan with Mbam, attach new log.

Superantispyware has a similar line to check. If you did not check that, updates, rescan, attach new log.

When you have finished with the above, please either do a Disc Cleanup or run a program like CCleaner. there are files that need to go in the trash. When through, empty the Recycle Bin.

I'll go through the logs and also give some removals for HijackThis. In the meantime I strongly suggest that you UNINSTALL this:
iGive

Please rescan with HijackThis after the reruns with Mbam and SAS. Include the new logs.

 

[denine]

Computer is slower than watching paint dry...

Thanks Bobbye,

I didn't realize that I didn't check the line to remove the malware. I reran the programs and checked remove for all listed items. I also reran CCleaner twice.

I tried to remove iGive - but it won't let me dump the iGive window in add/remove programs in the control panel, and when I try to delete the folder in program files, it says access is denied?

Lastly, I reran DdDiag, and the sound is testing ok - but will I be able to use skype voice now, or is there something else I need to activate/modify/etc? The reason I ask is b/c the message displayed said: Your sound card does not support hardware buffering. Sounds will only play back from software buffers."

Thanks for all of your help. denine

 

[raybay]

Tell us the brand, model, age, and hardware configuration of your computer... and what you mean by "...acting really naughty lately..."

 

[Bobbye]

Okay, looks good.

Please reopen HijackThis to 'do system scan only'.

Check each of the following if present> Don't click on 'Fix Checked' until all are done:

C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [VF0560Inst] RunDll32.exe C:\WINDOWS\system32\V0560Pin.dll,RunDLL32EP 515 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [VF0560Inst] RunDll32.exe C:\WINDOWS\system32\V0560Pin.dll,RunDLL32EP 515 (User 'Default user')
O4 - HKLM\..\Run: [igivm] "C:\Program Files\iGive__Shopping__Window\iGiveShoppingWindowv.exe"
O8 - Extra context menu item: iGive Shopping Window - file://C:\Program Files\iGive__Shopping__Window\igivt\igivC5.htm
O9 - Extra button: iGive Shopping Window - {9B7E79AC-A646-4e45-A70F-1B3981FE370E} - file://C:\Program Files\iGive__Shopping__Window\igivt\igivC5.htm (file missing) (HKCU)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Close all Windows except HijackThis and click on 'Fix Checked.'

Boot into Safe Mode
[*] Restart your computer and start pressing the F8 key on your keyboard.
[*] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

• 
  [1] Right click on the Taskbar> Task Manager> Highlight each of the processes below and 'End Task':
• VIEWMGR.EXE
• iGive
• iGive Shopping Window
  
  [2]Start> Run> tytpe in misconfig> enter> Selective Startup> Startup tab> UNCHECK each of the following if present:
• Viewpoint Manager
• Viewpoint Media Player
• Viewpoint Toolbar
• iGive Shopping Windows
  [3] Click on Start> Control Panel> Add/Remove Programs> UNINSTALL any of the following if found:
• Viewpoint Manager
• Viewpoint Media Player
• Viewpoint Toolbar
• "iGive Shopping Window"
  
  [4]Right click on Start> Explore> Programs> find each of the following if present> right click on the folder> Delete:
• Viewpoint
• iGive Shopping Window (see my note at the bottom)
  
  [5]Start> Run> type in services.msc> right click> Properties on each of the Service below and reset the Startup Type to Disabled> Stop the Service:
• Viewpoint
• iGive Shopping Window.

Reboot into Normal Mode: NOTE: ignore the nag message and close it after checking 'don't show this message again.' Stay in Selective Startup.

Note: We encourage users to remove Viewpoint. It is not malware. It is considered 'foistware'. What is foistware?
[o]Foistware or Bundler is software bundled with completely unrelated programs. This means you didn't ask for it- it came bundled with another program.
Warning: If you install AOL © Instant Messenger, Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. This will include the AV and the firewall.
  
• Run Combo-Fix.exe and follow the prompts.
  (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
• Wait for the scan to be completed.
• If it requires a reboot, please do it.

• After the scan has completed entirely, please attach the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComoboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then follow wit a full system scan with the antivirus program. Save log and attach to new post.

Logs and Reports to attach to next reply:
1. Combofix report
2. AV log
3. Rescan wit HJT and include new log.

Please be more specific with the problem you're having, if you find them any better since we started and if there are any new problems. There are a few System 32 files I might have you delete, but want to wain until after Combofix.

I am not a hardware person so hopefully Raybay can assist with the sound issue.

 

[denine]

Hi Bobbye

Sorry it has taken me a few days to respond back to you...here is what I have done thus far:

I reran CCleaner to remove more crap since it has been a few days.
I reran Norton (no issues), SuperAntiSpyware (no issues), Malawarebytes (no issues), and HiJackThis (I removed the programs you mentioned). See attached logs.

I tried to run ComboFix, but it fought me the whole way. It said that I had Norton Client Edition running, but I followed ALL of the directions to disable, so it should not have been running (i.e. I went into configure, turned all of the options off, and clicked on the icon in the tray bar.)

However, Norton kept turning back on in the middle of a process - ComboxFix started running, but never made it past "scanning the ocmpuer for infections" - an hour went by and it had not completed any stages, but when I looked at the tray - all of the sudden the shield from Norton did not have the red slash across it. Yet, when I checked the configure option again, everything was still disabled?

The internet load up times are still slow - about 15 seconds for google, or any browser to load, especially if I have multiple windows/programs open. Any ideas?

-----

Raybay: naughty = taking a long time to open windows/programs, stalling out/crashing, etc.
I am on Windows XP, Intel processor 4 CPU 3 GHz, 502 MB RAM. Not sure what other info you need...

 

[denine]

Forgot logs from 7-11

Sorry - I forgot the logs. See attached.

 

[xsxpxaxzx42]

You could try to defragment your computer
go to google and type "how to defragment *type of computer you have*
then it will walk you threw steps for your computer

 

[Bobbye]

The internet load up times are still slow - about 15 seconds for google, or any browser to load, especially if I have multiple windows/programs open. Any ideas?

Your paging file is set too high. I don't have all the numbers needed for resetting, but here's the 'what is' and the 'how to':

Right click on the Taskbar> Task Manager> Performance tab:
The numbers in the Task Manager are in KB units. The numbers for the Virtual Memory screen are in MB. I've converted the MB to KB so you can better read the numbers in the Task Manager but will also have what you need for for the Virtual Memory setting.

Yours: Memory: 502MB RAM = 514 048 kilobytes
Page File: 655MB used, 569MB available
Total = 655+569 = 1224MB = 1 253 376 kilobytes

Page File is usually set to 1.5 total RAM. 502MB x 1.5 = 753MB.
(Yours looks to be about almost twice this)

You need to decrease the number on the Page File. When what you're running begins to exceed the RAM, it 'spills over' (very non-technical term) to the page file. The page file is slower. So the higher the page file, the sooner you 'spill over' and slow down. (Gad I hope I got the math right!)

Setting the Page File:

• Start> right click My Computer> click Properties
• Advanced tab> click Settings in the Performance section
• Click the Advanced> click Change under the Virtual Memory section

Once you've determined the most efficient usage solution, enter the values for each drive, clicking [Set] after each drive is configured followed by [OK] and a reboot to activate the changes.

More information on the technical side from the Elder Geek:
http://www.theeldergeek.com/sizing_the_page_file.htm

Uninstall Combofix: Start> Run> type in combofix /u <-Note the space and hit enter.

Download SDFix HERE and save it to your Desktop.

• Double click SDFix.exe and it will extract the files to %systemdrive%
  (Drive that contains the Windows Directory, typically C:\SDFix)
  
  Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  
  Run SDFix
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
• Attach Report.txt back here

When you have finished above:
1. Do a disc cleanup
2. Do an Error Check with both boxes checked> then reboot to start.
3. Do a defrag.

 

[denine]

Computer is getting faster

Good evening,

Ok, where do I begin?

Combofix will NOT uninstall from my C-drive. I copied the combofix /u witht he space and all - and it is still urking on my drive - but does not appear in my control panel to delete. Any suggestions?

I am also a little too non-technical to reconfigure the page view thing - i did read ElderGeek, and get the computation part, but I just don't understand it enough to mess with those numbers. If it's not necessary, let me know if I can take a pass on that section.

I attached the report from SDFix, did a disk clean-up, an error ck, and a defrag. I posted the defrag report for you in case it helps. The computer seems to be moving along nicely - but I'll know more in the Am when I try to work on it.

So what do I do about combofix in the meantime?

Much thanks, denine