TechSpot

Dell Inspiron laptop w/ Vista loads slow, suspected virus present

Inactive
By dekita
Apr 15, 2011
Topic Status:
Not open for further replies.
  1. Hi you guys. So my roommate is having an issue with her laptop. It runs terribly slow, rendering it practically useless in Normal mode. Booting to safe mode works, but the simple method of hitting F8 is not always successful since the computer freezes when it's booting Safe Mode (she usually has to do a cold boot). I tried doing a few diagnostic steps, like going to System Config and disabling some programs from running, and I found some programs that I suspected to be viruses (these programs were booting from the C:\users\[username]\AppData\Local folder, with random lettering and .dll extensions). So I deleted them. I attempted to run AVG, and it didn't do anything (I don't think it worked). Tried running Malwarebytes but the application kept freezing (also, I was doing all of this in Safe Mode since normal mode was virtually impossible).

    What should I do? Whenever the computer boots, it runs very, very slow, taking a long time just to get to the login prompt. And once we log in, the screen is just black. Again, a virus is suspected but I don't know what I should do anymore.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help find the problem. But please don't delete any more .dll files because you don't know what they are.

    Give me some info on the system please:
    1. How much RAM?
    2. How much hard drive available?
    3. Is this a new problem? Were there any downloads or updates done before this began?
    4. Which model Inspiron is it?
    5. When was the last maintenance done on the system, to include disc cleanup for temporary internet files, Cookies, Downloads, etc., defrag, Error check and defrag?

    I'm not understanding about the 'cold boot' for Safe Mode. You can't boot into Safe Mode from Normal Mode. Take the system down and then boot into Safe Mode. If she's trying to use F8 from Normal Mode, it's not going to work.

    "Terribly slow" and "practically useless" in Normal Mode doesn't mean you can't use it.

    This is what we start with to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. dekita

    dekita TS Rookie Topic Starter

    System:
    2GB RAM
    150GB HD, 64GB free
    Dell Inspiron 1521
    The lag has been going on for a few weeks, but most recently it's become a major issue. She downloaded a few puzzle games and updated the DivX Player.

    The last disc cleanup was done earlier today; it removed about 1GB of stuff. Also, the Startup Repair module pops up frequently whenever the computer is rebooted.

    Oh, and Safe Mode is working; she was just doing a complicated method of going into Safe Mode.

    Here's the Malwarebytes log
  4. dekita

    dekita TS Rookie Topic Starter

    The GMER program kept restarting the computer, so I don't have a log of the program. Here are the two files from DDS

    2nd text file from DDS
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please don't put the logs in quotes. It cuts down on the 'space' for them to display.

    Regarding this:
    Startup Repair: frequently asked questions
    If you have a Windows Vista installation disc, you need to restart (boot) your computer using the installation disc. If you do not restart your computer from the disc, the option to repair your computer will not appear.

    Please visit this Microsoft site: How do I use Startup Repair?

    That module is coming up for a reason. Please follow the repair directions. When finished, I'll have you rescan to see if there is malware present.

    You should remove one of the 2 AV (AVG and McAfee) programs running.

    Java needs to be updated: Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Edit: I see quite a few entries that need to be removed. I also note an excess of processes running. This, along with the 2 security suites from AVG and McAfee will account for much of the slow speed. Once we get the system stable, we can address these.
  6. dekita

    dekita TS Rookie Topic Starter

    I'm sorry, I wasn't being very clear when I last posted. The Startup Repair module came on whenever we tried to access the computer in Normal mode (whenever the computer is booted normally, it completely freezes with a black screen). Safe Mode is the only available way to run the computer (whenever it's booted in Safe Mode it loads correctly and promptly). The scans I posted earlier were done after Startup Repair had run.

    I tried removing McAfee but a Windows Installer error keeps appearing, stating that there's a problem with the Windows Installer program. I googled this issue and came across this article here: http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_programs/i-get-error-1721/d1a6bb7f-8639-41e7-a8b1-9dfd16330507. I followed these instructions up until Step 3. I have a log of the System file checker, and it came across some problems that it couldn't repair. I'll post that log as well if it helps.

    Also I updated Java. Since I can't uninstall McAfee, should I uninstall AVG? I actually prefer AVG

    Here's the log from the System File Checker tool, I don't know if it's relevant but hopefully it'll show something?? This contains files that could not be repaired from the tool

    2011-04-16 15:26:20, Info CSI 000000a3 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 15:26:23, Info CSI 000000a5 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 15:37:42, Info CSI 00000129 [SR] Cannot repair member file [l:24{12}]"sqloledb.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-SQLServer-Provider-Dll, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 15:50:41, Info CSI 0000012a [SR] Cannot repair member file [l:12{6}]"mf.dll" of Microsoft-Windows-MediaFoundation, Version = 6.0.6002.18392, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:02:07, Info CSI 00000167 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:02:16, Info CSI 00000169 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:23:10, Info CSI 00000187 [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:24:56, Info CSI 00000188 [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:37:25, Info CSI 000001e9 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:43:49, Info CSI 000001eb [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:44:23, Info CSI 000001ec [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:44:49, Info CSI 000001ee [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2011-04-16 16:44:49, Info CSI 000001f4 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
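An added example, not part of the original thread: the System File Checker entries posted above repeat the same few files, so grouping the `[SR] Cannot repair member file` lines by file and component gives a short list of the distinct files whose on-disk hash no longer matches the component store. The sample input reuses four entries from the post plus one constructed line; `SR_ENTRY`, `TAIL` and `summarize` are names chosen for this example.

```python
import re

# Fields shared by every entry quoted in the post (copied from the thread's log).
TAIL = (", pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, "
        "VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, "
        "Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch")
PREFIX = " [SR] Cannot repair member file "

# Four entries from the post above, plus one constructed non-matching line.
SAMPLE = [
    '2011-04-16 15:26:20, Info CSI 000000a3' + PREFIX + '[l:22{11}]"typelib.dll" of '
    'Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000' + TAIL,
    '2011-04-16 15:26:23, Info CSI 000000a5' + PREFIX + '[l:22{11}]"typelib.dll" of '
    'Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000' + TAIL,
    '2011-04-16 15:37:42, Info CSI 00000129' + PREFIX + '[l:24{12}]"sqloledb.dll" of '
    'Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-SQLServer-Provider-Dll, '
    'Version = 6.0.6002.18005' + TAIL,
    '2011-04-16 15:50:41, Info CSI 0000012a' + PREFIX + '[l:12{6}]"mf.dll" of '
    'Microsoft-Windows-MediaFoundation, Version = 6.0.6002.18392' + TAIL,
    '2011-04-16 15:50:42, Info CSI 0000012b [SR] Verify complete',  # constructed
]

# One "Cannot repair" entry: timestamp, file, owning component, version, trailing reason.
SR_ENTRY = re.compile(
    r'^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-f]+\s+\[SR\] '
    r'Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+),.*, (?P<reason>[^,]+)$')

def summarize(lines):
    """Group unrepaired-file entries by (file, component), keeping first-seen order."""
    found = {}
    for line in lines:
        m = SR_ENTRY.match(line.strip())
        if not m:
            continue  # other CBS.log lines are ignored
        key = (m["file"].lower(), m["component"])
        entry = found.setdefault(key, {
            "file": m["file"], "component": m["component"], "version": m["version"],
            "first_seen": m["time"], "count": 0, "reasons": set()})
        entry["count"] += 1
        entry["reasons"].add(m["reason"])
    return list(found.values())

if __name__ == "__main__":
    for e in summarize(SAMPLE):
        print(f'{e["file"]:14} x{e["count"]}  {e["version"]:16} '
              f'{", ".join(sorted(e["reasons"]))}  ({e["component"]})')
```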
  7. dekita

    dekita TS Rookie Topic Starter

    Okay here's a brief update. So running the Systems File Checker tool must've done something, because I was now able to remove McAfee from the computer. Java was updated as well. What should I do now? Should I run those tools (Malwarebytes, DDS, etc) again?
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    When a helper is assisting you in removing malware from the system, you should not follow directions from another source unless your helper specifically directs you to do it. If you have problems acting on something, I am who you ask for guidance. While I appreciate your efforts to find a remedy yourself, that is discouraged once you are actively getting help.

    What were you using to remove McAfee? There are times when the Windows Installer is needed but it doesn't run in Safe Mode. But I did not ask you to run the SFC, nor leave the log. However, since you have now used a tool that can potentially invalidate previous log entries:
    Please update and repeat Mbam.
    Please repeat DDS.
    Try GMER in Safe Mode

    ===============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  9. dekita

    dekita TS Rookie Topic Starter

    Hi, I just wanted to give an update. My friend's computer was really going slow to the point that it would just hang when it was booting. She also mentioned that the light signals for the hard drive would sometimes not even be on or blinking. So she took it to the student help desk and they discovered she had a lot of bad sectors on her hard drive and it was pretty much on the verge of failure. So they had her order a new hard drive and it should come in by the end of this week.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update. A suggestion while your roommate is waiting:

    Do an Error Check: Click on My Computer> Right click on Local Drive(C)> Properties> Tools tab> Error Check section> Click on Check now> on the screen that comes up, check 'Automatically fix file system errors'> Check 'Scan for, and attempt recovery of, bad sectors'> Click on OK> Apply> Close the message that comes up> Be sure all active Windows are closed and reboot the computer.

    The Error checking will start in a few seconds. It may take a while to finish, but let it run. The computer will reboot when through.

    Might help with those bad sectors and/or it might buy some time.