Slow computer, possibly infected. Issues with Windows Updates.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TheDave85, Nov 3, 2014.

  1. TheDave85

    TheDave85 Private E-2

    Hi, can anyone help me sort my sister's old laptop, on which I'm running Vista Home Premium and I've been having a bunch of problems with? I've kind of been bumbling my way with things before I found the article on here about removing malware. Originally I was getting a BSOD 'irql not less or equal' 0x000000D1 (0x00000000, 0x00000002, 0x00000001, 0x8C7BB689) being caused by tcpip.sys (Address: 8C7BB689 base at 8C72A000, Datestamp 4b7d29d2) I think. I wrote this down, although I don't have the original error logs (later I reset to factory settings). That now seems to be resolved; the problem is I don't know what caused it and I don't have the old error logs.

    I had problems installing Windows updates where they either wouldn't download (stuck at 0%) or would get stuck perpetually at the checking for updates phase. I ended up fixing this with MS Fixit, then installed them. After a while it kept finding large numbers of 'new' updates which I gather I already had, with dates from 2012/2013 etc. I'm still having this issue.

    The problems reported by MS Fixit (which still come up) are:

    - Check for/repair missing or corrupt files.
    - Problems installing recent updates/repair Windows Update.
    - Service registration is missing or corrupt/reset service registration.
    - Windows Update error 0x80070057 (2014-11-02-T-06_57_45P)/resetting Windows Update data store.

    I also downloaded TDSS before the reset and it found the following:
    Variant Win32/Somoto G (twice)
    Win32\Somoto Q
    Softpulse.B
    Toolbar.Conduit.U

    In the end, like I said, I decided to try reverting to factory settings to see if it helped, but I'm still having the same issues with Windows Update and things are still really slow, though no BSODs.

    What's more, before I reverted to factory settings Comodo was counting lots of outbound (?) network intrusions that were coming from (Application) System, source IP 192.168.1.248, to 129.168.1.255 and to . I don't understand this stuff, but I haven't had any more reported.

    I've installed Comodo Internet Security since and run the antivirus; it found nothing. I tried to install Bitdefender and its preliminary scan found nothing, although it won't run at startup, and when I go and open it from its directory it's forever stuck on updating and tells me the service is unresponsive and a restart is required, but this does not fix it. I'd try formatting and reinstalling Windows, but I can't find the install disc and other stuff that came with this laptop.

    I've made a bit of a hash of things so far. I've been at this for a few days, and I'd really appreciate it if someone could help set things straight for me. Thanks.

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, TheDave85

    I find no malware in your logs. Trusteer Rapport, which is offered by many banks for added protection, has been implicated as the cause of many BSODs, while you also have Comodo Internet Security and some parts of Bitdefender installed... having multiple AVs is well known to cause many problems. I suggest that you first correct that, then start a new thread topic in our Software Forum.

    __________________________

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provides no protection. It does not use any significant amount of resources (except a little disk space) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If running Vista, Win 7/8 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Go to add/remove programs and uninstall HijackThis.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. After doing the above, you should work through the below link:
    Safe surfing!
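The reply above makes two checkable points: more than one antivirus product installed at once causes trouble, and UAC must be back on before the cleanup is finished. The script below is an added example, not part of the thread or of MajorGeeks' MGtools; it reads the Security Center registration for antivirus products (the `root\SecurityCenter` namespace on Vista, `root\SecurityCenter2` on Windows 7 and later), checks the `EnableLUA` registry value that controls UAC, reports the state of the services Windows Update depends on, and pulls the most recent error codes out of `WindowsUpdate.log`. The only assumptions specific to this thread are the `C:\MGtools\enableUAC.reg` and `C:\MGtools\MGclean.bat` paths named in the cleanup steps; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or MajorGeeks' tools): a health check for
# the problems discussed in this thread. Run from an elevated PowerShell prompt.
# Assumed: the C:\MGtools paths come from the staff reply's cleanup steps;
# everything else uses standard Windows interfaces.

# 1. Registered antivirus products. Vista registers them under root\SecurityCenter,
#    Windows 7 and later under root\SecurityCenter2; query both and ignore the one
#    that does not exist. Two or more names here is the "multiple AVs" situation.
$avProducts = @()
foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
    $avProducts += Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
}
$avNames = @($avProducts | Select-Object -ExpandProperty displayName -Unique)
Write-Host "Registered antivirus products: $($avNames -join ', ')"
if ($avNames.Count -gt 1) {
    Write-Warning 'More than one antivirus product is registered; keep one and uninstall the rest before troubleshooting further.'
}

# 2. UAC state. EnableLUA = 1 means UAC is on; the thread's enableUAC.reg restores it.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $policyKey -Name EnableLUA -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 1) {
    Write-Host 'UAC is enabled.'
} elseif (Test-Path 'C:\MGtools\enableUAC.reg') {
    Write-Warning 'UAC is disabled; importing C:\MGtools\enableUAC.reg (reboot afterwards).'
    & reg.exe import 'C:\MGtools\enableUAC.reg'
} else {
    Write-Warning 'UAC is disabled and C:\MGtools\enableUAC.reg was not found; re-enable UAC from Control Panel.'
}

# 3. Services Windows Update relies on. A missing service matches the Fixit message
#    "service registration is missing or corrupt"; a Stopped or Disabled one explains
#    downloads stuck at 0%.
foreach ($svc in 'wuauserv', 'bits', 'cryptsvc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) {
        Write-Host ('{0,-10} {1}' -f $svc, $s.Status)
    } else {
        Write-Warning "Service $svc is not registered on this machine."
    }
}

# 4. Most recent Windows Update error codes. Vista and Windows 7 write a plain-text
#    client log; 0x8xxxxxxx values (such as the 0x80070057 in this thread) are the
#    HRESULTs worth searching for.
$wuLog = Join-Path $env:SystemRoot 'WindowsUpdate.log'
if (Test-Path $wuLog) {
    Write-Host 'Last 5 log lines carrying an 0x8 error code:'
    Select-String -Path $wuLog -Pattern '0x8[0-9A-Fa-f]{7}' |
        Select-Object -Last 5 |
        ForEach-Object { $_.Line }
} else {
    Write-Host "$wuLog not found (newer Windows versions no longer write it as plain text)."
}

# 5. Final cleanup from the staff reply, only once the checks above are clean.
if (Test-Path 'C:\MGtools\MGclean.bat') {
    Write-Host 'C:\MGtools\MGclean.bat is present; run it as the last step of the cleanup procedure.'
}
```

The script only writes to the system in one place, the `reg.exe import` that re-enables UAC, and only when UAC is found disabled and the thread's `.reg` file is present; everything else is read-only reporting, so it is safe to run repeatedly while working through the remaining Windows Update problem in a new thread as suggested.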
