Thread: Computer going extremely slow

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    25

    Computer going extremely slow

    Hey guys, so all of a sudden my computer started to go really slow. This just happened overnight. I have a lot of space on my computer so that is not a reason. I believe I picked up a virus somewhere. Here is my HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:48:54 PM, on 20/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\TEMP\B9C7581F.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
    C:\WINDOWS\system32\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.algonquincollege.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirec...nload&lang=eng
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LUpgConf.exe" /RunOnce:4_02_00
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [winconf] C:\WINDOWS\TEMP\B9C7581F.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Any help would be awesome. Thanks guys.

  2. #2
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    This one looks like it sucks large amounts of jacksy -

    O4 - HKLM\..\Run: [winconf] C:\WINDOWS\TEMP\B9C7581F.exe

    A seemingly random exe file name with a location of %temp% can't be good.
    I'm using Windows 7 - you got a problem with that?

  3. #3
    Junior Member
    Join Date
    May 2006
    Posts
    25
    It won't let me delete it so I'm guessing there is something up with it in a bad way.

  4. #4
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,638
    Boot into Safe Mode and try to remove it from there.

  5. #5
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    Hi backer

    What others have said here is right. That file needs to go.

    However, do a general clean up first.

    Download Ewido/AVG Anti Spyware from here ….

    http://www.ewido.net/en/

    It has a fully working 30 day trial period.

    Install it and update it to the latest definitions.

    Do NOT use it yet.


    Now boot to safe mode. Here’s a “how to” if you’re not sure ..

    http://service1.symantec.com/SUPPORT...01052409420406


    When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

    REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

    [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].


    In your next reply please include ...


    1 . the AVGAS scan report ...
    2. a fresh HJT log ...
    3. an update on how your computer is operating now.


    It may be that more specific targeting of malware will be necessary.


    MM
    “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” Eugene H. Spafford

    Member ASAP

  6. #6
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,702
    @ backer: If you have something long to post, please do so as a zipped or rar'ed attachment.

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

  7. #7
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    It won't let you delete it because it is a running process; you need to stop the process using Task Manager first - you will see in the first section of your HJT log that the process C:\WINDOWS\TEMP\B9C7581F.exe is about 2/3rds of the way down.

    Sorry I thought you would know that - it's just that I do it all day long so it seems obvious to me, I forget people have real lives as well.

    I'm using Windows 7 - you got a problem with that?
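
The check Curio describes in posts #2 and #7, as an added example that is not part of the original thread: it parses HijackThis-format text, flags O4 Run entries that start from a temp directory or have a random-looking name, and notes when the same file is also in the running-process list. The function names, the regular expressions and the 8-hex-digit name heuristic are assumptions of this example; the sample lines are copied from the log in post #1.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Constructed sample: a few lines copied from the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\TEMP\B9C7581F.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winconf] C:\WINDOWS\TEMP\B9C7581F.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Patterns are this example's own heuristics, not HijackThis rules.
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run\w*: \[(.+?)\] "?([^"]+?\.exe)', re.I)
TEMP_DIR = re.compile(r'\\(temp|tmp)\\', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{8}\.exe$', re.I)

def parse(log):
    """Split a log into running-process paths and (name, path) autoruns."""
    running, autoruns, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # blank line ends the process section
        elif in_procs:
            running.add(line.lower())
        elif (m := O4_RUN.match(line)):
            autoruns.append((m.group(2), m.group(3)))
    return running, autoruns

def triage(log):
    """Return (name, path, reasons) for autoruns that deserve a closer look."""
    running, autoruns = parse(log)
    findings = []
    for name, path in autoruns:
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("starts from a temp directory")
        if HEX_NAME.match(basename(path)):
            reasons.append("8-hex-digit file name")
        if reasons and path.lower() in running:
            reasons.append("currently running; stop the process before deleting")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
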

  8. #8
    Junior Member
    Join Date
    May 2006
    Posts
    25
    I got rid of the file and now I'm going to do what musicman told me to do.

  9. #9
    Junior Member
    Join Date
    May 2006
    Posts
    25
    So here is the virus and HijackThis log should be attached.
    The computer seems to be running at the same speed which is a bummer even though I got rid of a lot of infected files. If there is anything else you notice on these reports please let me know.

  10. #10
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    The AVGAS scan shows it did a lot of cleaning up.

    Run it once more - the same way you did before - and save the scan report again. Hopefully it will be much shorter this time round.

    -------------

    Open HJT ... click on scan ... put a tick/check mark next to this entry IF it's still present ...

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab

    [I always get rid of any O16 entry like this with "popcaploader" in it; these will slow down your system. The previous scans didn't remove it (perhaps understandable) so this will remove it manually]

    Remember to close ALL open windows - including this one - before clicking on "Fix Checked" at the foot of the HJT window.

    -------------

    This may (or may not) help the speed of your computer. The HJT log doesn't show anything else much that is malware related.

    However, you are running Panda.

    You have 44 Running Processes of which no less than 9 are all related to Panda. Over 20% of all RPs.

    I have seen reports of Panda being a resource hog so maybe you could use protection program(s) that are lighter on resources.

    If your system is still sluggish try this.


    Download Process Explorer and install it ...

    http://www.microsoft.com/technet/sys...sExplorer.mspx

    This is an amplified version of your Task Manager.

    When you are aware of your computer running slowly open Process Explorer, click twice on the column headed "CPU". This will bring to the top of the list all the processes that are using up your resources. It will also try to identify if ANY processes are bad.

    Note down which processes are using the most resources and if any appear to be "bad".


    Please post back ...

    1. The new AVGAS scan report ...
    2. a fresh HJT log ...
    3. an update on how the computer is working ...
    4. details of any suspect processes.


    If all of this reveals nothing - and you are still having speed problems - there could be two possibilities ... you could have malware hiding from HJT and AVGAS and/or your hardware could need upgrading/repairing (e.g. RAM).

    Let's see what the above scans etc. turn up first.

    Personally, I won't be online much beyond today till after the Christmas break so please do this soon.



    MM
    Last edited by musicman; December 22nd, 2006 at 11:43 AM.
    “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” Eugene H. Spafford

    Member ASAP

  11. #11
    Bronze Member
    Join Date
    Dec 2005
    Posts
    176
    Good work MM!
