PDA

View Full Version : Please Help My Computer Is Runnning Extremely Slow What Can I Do?



verachion
04-01-2004, 06:09 PM
Hi,

I am trying to get the very best out of my computer and at the moment it takes ages to boot up I have included a hijack this log below can anybody please let me know what you think I should delete from it, what are all the web explorer lines of information, I currently use windows explorer to view the web I am not interested in any of the radio/messenger bits and pieces i would really appreciate som feeback if at all possible.

Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 22:52:51, on 01/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\cidaemon.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\lisa van gils\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{06308362-3376-4C53-A8B6-36B73B4E498E}: NameServer = 213.120.62.98 213.120.62.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{06308362-3376-4C53-A8B6-36B73B4E498E}: NameServer = 213.120.62.98 213.120.62.103
O17 - HKLM\System\CS2\Services\Tcpip\..\{06308362-3376-4C53-A8B6-36B73B4E498E}: NameServer = 213.1.119.99 213.1.119.100

PrntRhd
04-01-2004, 10:26 PM
Remove all the R1 Redclient aps, they are nasty tracking cookies from Yahoo, I had those and Budfred had me remove them.
More will advise.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

Also visit blackviper (www.blackviper.com) and look at his Service Configuration tables to see what unneeded services be turned off in your XP configurations. It will make XP much faster.

Budfred
04-02-2004, 12:03 AM
Please use HJT to fix these as well:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)

Once you complete the fixes, please reboot and post a fresh log.

You also badly need to update WinXP to SP1 with Critical updates so that you don't get infected again by Blaster and other nasty worms. You need to make sure that you have a good antivirus which is up to date and a firewall. It would also be a good idea to install SpywareBlaster and IE-Spyads to block spyware from being installed.....

verachion
04-03-2004, 05:11 AM
Hi,

I have deleted,fixed and updated what you both advised and here is my new HJT log

Logfile of HijackThis v1.97.7
Scan saved at 09:30:36, on 03/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\lisa van gils\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.4533333333

shanmuga
04-03-2004, 05:43 AM
Your log looks clean of malware. Did you visit blackviper's site as suggested above ?, following advice available there about shutting down unwanted services will definitely improve your boot up time. You need to get rid of indexing service and ctfmon.exe which is involved with the language/alternative input services in Office XP, apparently running in your system. This is what blackviper's site say about indexing service,

"Indexing Service

This service always has been a major resource hog. I NEVER recommend having this service enabled. Remove the function via the "Add / Remove Programs" icon in the control panel (Windows Setup Programs). It uses about 500 K to 2 MB in an idle state, not to mention the amount of memory and CPU resources it takes to INDEX the drives. I have had people (and witnessed it on other people's computers) report to me that the Indexing Service sometimes starts up EVEN while the system is NOT idle... as in the middle of a game. You may feel, as I do, that this is unacceptable. If your computer suddenly seems "sluggish," Indexing Service is usually the cause of it."

Follow the instructions here (http://support.microsoft.com/default.aspx?scid=kb;en-us;282599) for removal of ctfmon.exe.

HeddaLora
04-06-2004, 09:22 PM
Additionally do these things:

-- Delete all temp files (c:\windows\temp\*.tmp)

-- Delete temporary internet files (c:\windows\temporary internet files\*.*)

-- If you use I.E., click on Tools, Internet Options, Delete Files, select "delete all off-line content", click OK

-- Click on Start, Programs, Accessories, Systems Tools, Disk Cleanup

-- Download AdAware (http://www.lavasoft.de), check for updates, run it and remove whatever it finds

-- Download Diskeeper (http://www.executive.com) and defrag

Hedda Lora

PrntRhd
04-06-2004, 11:52 PM
HeddaLora,

The issue was primarily malware-related, it would have been nice if verachion had posted back if it solved the issue though. He/she had some big guns helping him in the posts.


:rolleyes:

verachion
04-07-2004, 10:32 AM
Hi,

I know it looks bad but I did post back my thanks in another thread as the same people were helping me with another issue.

I have done everything I was advised to do and everything is back to normal, my viruses have been deleted my malware has been removed and my computer is now recovering. I know longer receive the grey pop up messenger boxes and the other pop ups are a thing of the past. As regards to the slowness of my computer it is tremendously faster now that everything has been sorted out.

Thanks again to everyone for all your help I truly do appreciate it.

Darren

HeddaLora
04-07-2004, 04:46 PM
Malware will definitely do it. I'm glad to hear the problem got fixed!

Hedda Lora

Flick
04-07-2004, 10:50 PM
If your system meets the following requirements, you should install the Intel Application Accelerator;

http://support.intel.com/support/chipsets/iaa/sb/CS-009287.htm

PrntRhd
04-07-2004, 11:38 PM
verachion,

Glad to hear it worked. It goes to show it is important to post problems and solutions in one thread until the problem is fixed though.

Flick,

Anyone have real world experience with the accelerator?

Flick
04-07-2004, 11:55 PM
Originally posted by PrntRhd
Flick,

Anyone have real world experience with the accelerator?

I do. It replaces the standard Windows ATA drivers with much faster Intel drivers and will significantly speed up your computer. If you don't like the Application Accelerator, it comes with an uninstall program which will remove the drivers and replace them with the originals. Also, it's free!

PrntRhd
04-08-2004, 12:10 AM
From a Google search:
"Here is a prototype of a user, who these drivers suit: he has a Pentium 4 computer, Windows ME operating system, a HDD with one large FAT32 partition. And he installs the drivers only to find out in the Intel Ultra ATA Companion at what speed his HDD operates.

From the drivers of the disc controller users expect a high speed and efficiency on any platforms and in any file systems. That is why high-level optimizations are better to be put in separate programs. And we should expect from the drivers a speed of high-level requests to a disc.

"here (http://www.digit-life.com/articles/intelata/) is the link I found this review at

Flick
04-08-2004, 12:34 AM
I have a P4 (1.4 GHz) with an Intel 850 chipset and I'm running XP Home. The Application Accelerator made a BIG difference on my system. Your mileage may vary.

PrntRhd
04-08-2004, 12:36 AM
Ok,
note I edited since your first view. I might try it on my XP Home notebook too.

Flick
04-08-2004, 12:46 AM
Originally posted by PrntRhd
Ok,
note I edited since your first view. I might try it on my XP Home notebook too.

Thanks! Yes, you had me a little (a lot) confused. You just have to go to the Intel site and make sure your chipset is included and then determine if you need the extra installation utility (depending on your chipset and your OS)and follow the instructions.

It has worked great for me! I'd be interested to hear how it works for you.