1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Computer running real slow [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by Lee, 2005/06/05.

Thread Status:
Not open for further replies.
  1. 2005/06/05
    Lee

    Lee Inactive Thread Starter

    Joined:
    2002/01/15
    Messages:
    179
    Likes Received:
    0
    Computer running real slow

    Here's my specs:

    Windows XP SP2
    2.54 GHz P4
    768 MB RAM
    768 MB of Virtual Memory
    Nvidia GeForce FX5600 256MB
    30 Gig HDD, partitioned into two 15 gigs
    250 Gig HDD, partitioned into one 200 gig, and another 50 gig

    When I launch an app from the quick launch bar, it'll take anywhere from 3-6 seconds to load the app. While launching it'll make Winamp skip on the song it's playing. Booting up is odd. One the loading screen with the windows logo on boot up, it'll take near two minutes to get past that. When it finally loads Windows, it is almost immediately done loading.

    I've run a check for spyware and such with Spybot and Adaware. I've defraged every drive, although I used the Windows Disk Defrag, if that matters anymore. I've taken out the sticks or RAM to see if either of them were bad, still was slow. I have also turned off the indexing feature, no luck with that. The only thing I haven't tried yet is partitioning the 200 Gig into two 100 Gigs HDDs to see if that'll help.

    Any help will be appreciated!
     
    Lee,
    #1
  2. 2005/06/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    1. download and run HijackThis
    2. post the log here (or in removing spyware forum)
    3. also, virt mem should be at least 1.5x total ram amount.
     
    TonyT,
    #2


  3. to hide this advert.

  4. 2005/06/06
    Lee

    Lee Inactive Thread Starter

    Joined:
    2002/01/15
    Messages:
    179
    Likes Received:
    0
    This is what HijackThis gave me:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:18:51, on 06/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Media Pass\MediaPassK.exe
    C:\Program Files\Media Pass\MediaPass.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\DOCUME~1\squeezy\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emusic.com/?fref=149125
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [Steam] F:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    I'll go ahead and change the virtual memory too.

    What are you looking for in there?
     
    Lee,
    #3
  5. 2005/06/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    You have an infected computer:

    Use Hijack This to FIX:
    O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe

    then follow these advanced removal instructions to get rid of all media pass stuff:
    http://labs.paretologic.com/spyware.aspx?remove=Media Pass

    Next, get rid oif that Ram program you have called RAM Saver Pro, you have an ample amount of RAM top begin with and XP itself does a better job at managing memory than any other app can do. provided you have 512 MB of ram or more (which you do), then ram optimizes, defraggers, etc are completely unnecessary in xp, in fact it's more of a hoax that these 3rd party made memory managers even exist for xp.

    The only real advantage of such apps if is one does very insense heavy graphics creation in Photoshop or video-audio editing apps that require more free memory than currently available.

    But if you open task manager by rt clicking the taskbar and then click the Performance tabe you'll see how much memory is being used at any given time, and you'll likely see no need for such ram optimezers/optimizers.
     
    TonyT,
    #4
  6. 2005/06/08
    Lee

    Lee Inactive Thread Starter

    Joined:
    2002/01/15
    Messages:
    179
    Likes Received:
    0
    Thanks, that pretty much did the trick!
     
    Lee,
    #5
  7. 2005/06/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    well done!
     
    TonyT,
    #6
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...