Dell Laptop slowing up, freezing, with occasional high CPU spikes

Status
Not open for further replies.

olliemcallister

Posts: 23   +0
Hi everyone! Relatively new to the boards - but have used you guys before when reading other topics as answers I've found using Google, always great advice!

I'm running a 18-month old Dell Inspiron I6400 with a home edition of Microsoft XP (SP2); I've not had problems with it before but in recent months it's begun to slow-up, overheat slightly, and overclock the CPU. I've also noticed that my Task Manager is showing more processes than normal - but not sure if any are malignant. Applications are freezing up and not responding randomly, IE will occasionally go crazy and start opening up dozens upon dozens of tabbed homepages, and the start-up process is very slow.

I run the McAfee security centre constantly, along with Spyware Detector, and perform updates regularly. I also run Ad-Aware frequently.

Any help on this would be great! Really am getting irritated with what is otherwise a good machine :)
 
Next please follow these instructions. Your version of Hijackthis is out of date AND installed in the wrong folder

First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, close it.

Naviagte here,
C:\Program Files\TrendMicro\HijackThis\HijackThis.exe
Rename HijackThis.exe to olliemcallister.exe, right click and send a shortcut to the desktop, Run HijackThis and post a fresh log.


Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
 
I cant find too much info on this,
Max Registry Cleaner

What made you get it?

Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Attach this log into your next reply

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update TAb at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

: Download and Run DSS :

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Attach the main.txt and the extra.txt in your reply.
 
Done and done :) Files attached!

FYI:

Max Registry Cleaner was something I found through Google to clean up my cluttered registry - perform a scan every couple of weeks to remove things, not really sure what it does tbh.

Also - while I was running the DSS scan, my Spyware Detector popped up to say it had removed something called 'backdoor.rustock' - that mean anything?

I tend to have loads and loads of processes running - I don't know if you'd be able to suggest ones to get rid of, and/or programs to uninstall to improve performance?
 
Ill check through now, I wouldnt worry too much about what a former rogue spyware program was saying.

Your adobe reader is out of date HERE is the update

Unistall the following,
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Viewpoint Media Player


You would have to decide yourself what else to keep or ditch.

I would also consider uninstalling spyware detector see HERE
Trustworthy Anti-Spyware Products can be found further down the page.

As well as Max registry cleaner

Looking over logs now.
 
Okay - I've got rid of Spyware Detector and Max Registry Cleaner (both from MaxSecure apparently), and reinstalled (and updated) Ad-Aware and AVG, along with SpywareGuard and SpywareBlaster.

Updated Adobe, and got rid of Viewpoint.

Should I be worried that I have 67 processes running?

I also have installed something called PC Doc Pro 4.2 - seems to be another registry scanner I installed a while back.
 
Not really worried, its up to you how many you want to have on start up, SpyBot has a built in feature to control that.
 
Okay - also installed Spybot Search & Destroy too.

I'm just maybe a bit concerned that some of the processes may be malicious and I wouldn't know.
 
most malicious processes would show in the logs and yours where clean, if you want to you can post a fresh HJT log and ill look over it for you?
 
Ahh okay - didn't realise mine were clean :)

Yeh that'd be great - I'll just wait for AVG, Ad-Aware, and Spybot to finish everything they're doing, so it may be tomorrow before I get a chance to run a new HJT scan.

I was also wondering - I've got a couple of unused Apps that I'd like to remove, but the uninstall file is apparently corrupted... is there another way to remove them completely from my system?

I think I'm gonna have to go through all my files and delete what I don't need to free up space, and maybe have a look at processes that begin on start-up. Is there anywhere that'd tell me what processes I should leave alone, what ones are okay to turn off, etc?

And is there anything you'd suggest - apart from all the great help you've already given - for me to be doing to speed up my laptop and just to 'improve' how I'm using it generally (that sounds really vague!).

Cheers - I'll post a new HJT log asap!
 
Spybot very handily highlights all the ones in green that you shouldnt touch.

Which programs do you want to get rid?

Ill have to take a look tomorrow because its quite late and ive been up since 6.15.

There are a couple of things to make sure that the system is totally clean that we can do as well,

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Kas-SaveReport-1.gif

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file (see below)

    Kas-Savetxt.gif

  • Attach the report in your next post.

Just take your time with these, the Kaspersky takes a good while to run but it is VERY thorough, it does not clean though, ill do that manually after.
 
Okay, ran a new HJT - the log is attached.

Also attached is the kaspersky scan report.

I ran two Malwarebytes' Anti-Malware scans; the first brought up three trojan files - which I deleted (after which, one of the programs I'm now running... possibly SpyBot, informed me that my registry was being changed and did I want to allow the changes - I said I did). The second scan came clean. Both files are attached.

Hope that helps.

As for what I'd like to remove - any unnecessary software, but I don't really know what that would be myself!

Is there anything else I can be doing to help you out, or any other scans you'd like me to run?
 
Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-9MLK6.exe" /REG

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Delete Files on Reboot
  • Start Hijackthis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the button labeled Delete a file on reboot...
    A new window will open asking you to select the file that you would like to delete on reboot.
  • Navigate to each file and click on it once, and then click on the Open button.
    C:\WINDOWS\is-9MLK6.exe
  • You will now be asked if you would like to reboot your computer to delete the file.
  • Click on the Yes button if you would like to reboot now, otherwise click on the No button to reboot later.

Apart from that theyre clean, the only viruses are in the system restore and they can do anything unless that point is used.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    or

    Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

    Instructions for Spybot S & D

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
 
Okay - I'm now running:
- Ad-Aware
- AVG Anti-Spyware
- BOClean
- McAfee Security Centre
- SpyBot S&D
- SpywareBlaster
- SpywareGuard
- WinPatrol (Scotty)

I've just run a final HJT scan - report attached - if you could look over for me and just confirm nothing is on it that shouldn't be, then I'll be happy :)

Thanks for all your help!
 
Hey :)

Laptop's been running fine since - but I left it on while I nipped out to the shops for a couple of hours. When I got back, the CPU was running at 100% with everything slowing up. I tried ending processes that were using large percentages of processor power and high memory, but it didn't change anything. If, after ending a process, the CPU dropped (to about 80-odd%), it went straight back up to 100% in a second or two.

I turned it off and restarted - and, whilst its no longer running at 100%, there are still issues.

I've only got Windows Live Messenger and one IE browser open, along with 64 background processes, but where my CPU normally runs idly by at 4%, it's jumping wildly from 4% all the way up to 80% and hitting any value in between.

I've run a HJT scan for you :)
 
Status
Not open for further replies.
Back