Computer running slowly (HJT log included)

[blade995]

Well my computer had been running slowing for a few days now. I thought it might be a virus sinced I haven't scanned in about 2 months, it found nothing. I scanned with Ad-aware, Spybot, and Mcafee virus scan.

 

 

 

I have a Yahoo wiget that shows the current internet traffic and it's constantly going at 3kb/s or more while not doing anything on the internet. I thought it could be a virus that it "calling home", but the scans didn't find anything.

 

 

 

I recently installed a soundcard (creative X-fi) and maybe it could be all the bloatware it comes with causing the slowness?

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 12:10:37 PM, on 7/18/2006

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v7.00 (7.00.5450.0004)

 

 

 

Running processes:

 

C:\WINDOWS\System32\smss[Caution: Executable File]

 

C:\WINDOWS\system32\winlogon[Caution: Executable File]

 

C:\WINDOWS\system32\services[Caution: Executable File]

 

C:\WINDOWS\system32\lsass[Caution: Executable File]

 

C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

C:\WINDOWS\Explorer[Caution: Executable File]

 

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

 

C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB[Caution: Executable File]

 

C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: Executable File]

 

C:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

 

c:\progra~1\mcafee.com\vso\mcvsescn[Caution: Executable File]

 

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: Executable File]

 

C:\Program Files\Java\jre1.5.0_07\bin\jusched[Caution: Executable File]

 

C:\Program Files\ATITool\ATITool[Caution: Executable File]

 

C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: Executable File]

 

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET[Caution: Executable File]

 

C:\Program Files\Creative\Shared Files\Module Loader\DLLML[Caution: Executable File]

 

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel[Caution: Executable File]

 

C:\WINDOWS\CTHELPER[Caution: Executable File]

 

C:\WINDOWS\system32\CTXFIHLP[Caution: Executable File]

 

C:\Program Files\Logitech\MouseWare\system\em_exec[Caution: Executable File]

 

C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

 

C:\Program Files\PowerISO\PWRISOVM[Caution: Executable File]

 

C:\WINDOWS\SYSTEM32\CTXFISPI[Caution: Executable File]

 

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: Executable File]

 

C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: Executable File]

 

C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr[Caution: Executable File]

 

C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden[Caution: Executable File]

 

C:\WINDOWS\system32\CTsvcCDA[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

 

c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

 

c:\progra~1\mcafee.com\vso\mcvsftsn[Caution: Executable File]

 

c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: Executable File]

 

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: Executable File]

 

C:\Program Files\CyberLink\Shared files\RichVideo[Caution: Executable File]

 

C:\WINDOWS\System32\snmp[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

 

C:\Program Files\Creative\ShareDLL\CADI\NotiMan[Caution: Executable File]

 

C:\Program Files\Google\Web Accelerator\googlewebaccclient[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: Executable File]

 

C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: Executable File]

 

C:\Program Files\SpeedFan\speedfan[Caution: Executable File]

 

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File]

 

C:\Documents and Settings\B-rad\Desktop\HijackThis[Caution: Executable File]

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredi ... bm=ho_home

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

 

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

 

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: Executable File]

 

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX[Caution: Executable File]

 

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB[Caution: Executable File]

 

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: Executable File]" /checktask

 

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: Executable File]"

 

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

 

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: Executable File]

 

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: Executable File]

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched[Caution: Executable File]

 

O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool[Caution: Executable File]" -s

 

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: Executable File]" runtime -Delay

 

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET[Caution: Executable File]"

 

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML[Caution: Executable File]" RCSystem * -Startup

 

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML[Caution: Executable File]" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

 

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel[Caution: Executable File]" /r

 

O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: Executable File]

 

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP[Caution: Executable File]

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg[Caution: Executable File]

 

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"

 

O4 - HKLM\..\Run: [PWRISOVM[Caution: Executable File]] C:\Program Files\PowerISO\PWRISOVM[Caution: Executable File]

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: Executable File]" /R

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background

 

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire[Caution: Executable File]

 

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine[Caution: Executable File]

 

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden[Caution: Executable File]

 

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

 

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

 

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

 

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O11 - Options group: [iNTERNATIONAL] International*

 

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.6.0.cab

 

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8350048781

 

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

 

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag[Caution: Executable File]

 

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA[Caution: Executable File]

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]

 

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

O23 - Service: McAfee WSC Integration (McDetect[Caution: Executable File]) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

 

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

 

O23 - Service: McAfee Task Scheduler (McTskshd[Caution: Executable File]) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

 

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: Executable File]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: Executable File]

 

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: Executable File]

 

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: Executable File]

 

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo[Caution: Executable File]

[Biggieg333]

Well, I can't really help you, but I do have a scanner you could try. It's called Microsoft AntiSpyware. If I remember right, It will find 99% of all viruses. I hope this will work.

[tunaboy692004]

omfg, i finally found a spyware scanner that detects 99% of all my viruses !!1!!1

 

 

 

 

 

 

 

:roll:

[blade995]

Well now my computer is crashing :( .

 

 

 

My mcafee firewall said it blocked 2506 events today :shock: ! Is that normal? Could that mean someone is derliberatly trying to get access to my computer?

 

 

 

It says only 5027 events blocked this month and 2506 from today? It says blocked 2514 events this week, only 8 more than today's total :? .

[Biggieg333]

Well that soudns like you've clicked something that is trying to download thousands of viruses. Hopefully all of them were blocked. Oh, in response to the "tunaboy" character, try giving him some advice, and PM me your problem.

[Ard_Choille]

I see a bunch of things reported as running on your HJT list that really are NOT essential to either Windows or the Components/Software they support. I'd clean up the programs that are configured to run at system startup. XP may very well have it's own utilities for that but for Win2k, I use the Startup Monitor and Startup Control Panel found at http://www.mlin.net. These plugins give me easy access to cleaning up my startup programs as well as monitoring/notifying me when a new program wants to be configured for startup at boot time. When you do check your running applications & processes, I recommend using these two lists to cross reference what you have running to help you determine if it is "essential" or just a memory hog:

• *

AnswersThatWork - Task List Programs
 
* Uniblue - WinTasks Process Library

If you find files running that you know you don't use anymore, uninstall them from the Control Panel.

 

 

 

Now that you've run some system scans, I'd recommend using Ad-Aware SE, Spybot Search & Destroy as well as keeping antivirus running. If you run full scans at least weekly, your problem shouldn't rear it's ugly head again.

[blade995]

I see a bunch of things reported as running on your HJT list that really are NOT essential to either Windows or the Components/Software they support. I'd clean up the programs that are configured to run at system startup. XP may very well have it's own utilities for that but for Win2k, I use the Startup Monitor and Startup Control Panel found at http://www.mlin.net. These plugins give me easy access to cleaning up my startup programs as well as monitoring/notifying me when a new program wants to be configured for startup at boot time. When you do check your running applications & processes, I recommend using these two lists to cross reference what you have running to help you determine if it is "essential" or just a memory hog:

• *

AnswersThatWork - Task List Programs
 
* Uniblue - WinTasks Process Library

If you find files running that you know you don't use anymore, uninstall them from the Control Panel.

 

 

 

Now that you've run some system scans, I'd recommend using Ad-Aware SE, Spybot Search & Destroy as well as keeping antivirus running. If you run full scans at least weekly, your problem shouldn't rear it's ugly head again.

 

 

 

Just used those programs, there very good :) . It is still running a little slower than normal.

 

 

 

I was thinking it might be a problem with one of the Yahoo Wigets. Could there maybe be a memory leak or something in one that eating up all my memory making my computer slower?

[superdumb6]

Google all of the processes, if you get a whole lot of, watev process was, it is a dangerous spyware program and should be deleted. Also, after you fix that prob, and its still slow, try overclocking the cpu. This will speed it up a bit. But be careful, to do this, you will need a very good liquid cooling system, or a good cpu fan. And yes, new components put more stored processes on the memory, making everything a bit slower. To overclock cpu, im too lazy to explain, so try overclockers.com

[blade995]

Google all of the processes, if you get a whole lot of, watev process was, it is a dangerous spyware program and should be deleted. Also, after you fix that prob, and its still slow, try overclocking the cpu. This will speed it up a bit. But be careful, to do this, you will need a very good liquid cooling system, or a good cpu fan. And yes, new components put more stored processes on the memory, making everything a bit slower. To overclock cpu, im too lazy to explain, so try overclockers.com

 

 

 

It's already overclocked :D . Yes it is stable (24hrs of prime95). I don't have water cooling either.

 

 

 

It's not wise to suggest overclocking here because a lot of people don't know what thier doing and can seriously mess their computer up.

 

 

 

After scanning in safe mode (again) it did find a virus. Took care of it. Booted back up in normal mode, and getting system file errors.

 

 

 

Anywase the summary of what I did to fix this today.

 

*I did a fresh Windows install (not a format just the windows files)

 

*updated my sound card drivers

 

*then defraged (which wouldn't have caused it because I run it weekly anyway)

 

 

 

I think it might have been more the sound card drivers more than the virus. I find Creative's drivers very buggy, The beta ones are much better.

[weezcake]

Really? I've never had trouble with Creative's drivers.