Hello and welcome to TSF
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
--------------------------------------------------------------------------------------------
Please follow all instructions in the order they come. If you have any questions, please ask before proceeding.
---------------------------------------------------------------------------------------------
P2P
P2P - I see you have P2P software (Ares 1.9.7, BitTornado 0.3.9, BitTorrent 3.4.2) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
---------------------------------------------------------------------------------------------
Spywareguard
Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
- Right-click the running icon of Spywareguard located in the system tray.
- Go to Menu > File > Exit and confirm the program closes.
Ewido
* Open Ewido by double-clicking the yellow 'E' icon in the system tray.
* In the 'Your security status' section, toggle the Ewido Guard realtime protection 'off' by clicking 'active', which will then change the protection status to 'inactive'.
* When you reboot, Ewido will prompt you as to whether you would like to "Restart the guard?".
* Reply 'no' and set it to 'inactive' for the duration of your cleanup.
-------------------------------------------------------------------------------------------------
Downloads
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, a text file will open (report.txt). You can close it - the file has already been saved.
Open Hijack This and click on 'Do a System Scan Only'. Check the following entries if found (make sure you do not miss any):
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
---------------------------------------------------------------------------------------------------------
ComboFix
Download ComboFix from here or here
**Save it to your desktop**
Double-click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
-------------------------------------------------------------------------------------------------------------
Logs Required
report.txt (from Fixwareout Tool)
C:\Combofix.txt
Let me know how your system is behaving, thanks.
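
As an added example (not part of the original post or of any tool it names): a Python check that pulls the O17 NameServer lines out of a saved HijackThis log and lists every resolver that is not on an expected list, so none of the entries is missed. The trusted resolver `192.168.1.1`, the O4 line and the last O17 line in the sample are constructed assumptions; the other three O17 lines are the ones quoted above.

```python
import ipaddress
import re

# O17 lines as HijackThis prints them: registry key, then "NameServer = <list>".
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Assumption: the resolvers this machine is expected to use (constructed value).
TRUSTED_RESOLVERS = {"192.168.1.1"}

# Sample log: three O17 lines from the post, plus constructed O4 and O17 lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

def parse_o17(log_text):
    """Return (registry_key, [server, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # The value is comma- or space-separated depending on the key.
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            entries.append((m.group("key"), servers))
    return entries

def is_trusted(server, trusted):
    """True only for a well-formed IP address that is in the trusted set."""
    try:
        return str(ipaddress.ip_address(server)) in trusted
    except ValueError:
        return False  # malformed value: surface it for review

def audit(log_text, trusted=TRUSTED_RESOLVERS):
    """Return (key, [unexpected servers]) for entries outside the trusted set."""
    findings = []
    for key, servers in parse_o17(log_text):
        unexpected = [s for s in servers if not is_trusted(s, trusted)]
        if unexpected:
            findings.append((key, unexpected))
    return findings

if __name__ == "__main__":
    for key, servers in audit(SAMPLE_LOG):
        print(f"REVIEW {key}: {', '.join(servers)}")
```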