very slow speed



goodiesguy
16-10-2010, 03:32 PM
Since yesterday at around 9pm, my PC is going very slow, the desktop takes forever to load etc., and sometimes, when opening a new tab, Firefox stops responding.

I have uninstalled things I don't need with Revo. I have run CCleaner, and Reg Cleaner 4.3.

I have gone into msconfig and unticked things that don't need to be in the startup.

Windows Task Manager says: CPU usage 1% to around 30%.

At present, Firefox, foobar2000 (music player) and Windows Live Messenger are open.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:19 p.m., on 16/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\foobar2000\foobar2000.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Nathan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 5203 bytes

SoniKalien
16-10-2010, 03:52 PM
How is it in safe mode?

The Error Guy
16-10-2010, 03:52 PM
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll

I seem to remember bad results last time this was found in a HJT log...

Snorkbox
16-10-2010, 03:55 PM
Which means we may not be able to help once more and you may have another few days off.

Speedy Gonzales
16-10-2010, 03:58 PM
That's to bypass activation. Bad result = the last time you posted a log with that entry in it, you were banned for a few days.

You can tick these, then tick "Fix checked". Close browsers, or use CCleaner and delete the entry from Tools / Startup.

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

goodiesguy
16-10-2010, 04:02 PM
I got rid of that entry from my computer, so I don't know how it appeared. I am against that bypass activation. I got rid of it.

Obviously some traces of it were left behind.

I removed the above entries, my PC seems to be going a lot faster. I will keep you posted.

Snorkbox
16-10-2010, 04:17 PM
Amazing how entries appear in logs all by themselves like that, is it not?

goodiesguy
16-10-2010, 04:22 PM
You think I'm lying? I'm not. As soon as I saw I was banned from PressF1, I decided to get rid of that entry to make sure I didn't get in any more trouble. My PC has been having a few issues lately, and I have had to start it in different modes etc., to troubleshoot, so it very well could have restored to a previous state.

All I know is that I removed it.

Speedy Gonzales
16-10-2010, 04:31 PM
You probably stuffed something up when you used Reg Cleaner.

You can tick this entry as well

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Nathan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

Snorkbox
16-10-2010, 04:36 PM
I got rid of that entry from my computer, so I don't know how it appeared. I am against that bypass activation. I got rid of it.

Obviously some traces of it were left behind.

I removed the above entries, my PC seems to be going a lot faster. I will keep you posted.

Well if you are against that bypass activation as you say here then why did you admit to using it earlier?

And I personally do not think at this time you have a LEGAL copy of XP Pro running on your PC. Produce a receipt for a copy bought since you were last banned without the use of Photoshop or similar or other devious methods and I will not only apologise publicly but I will also send you an amount to be agreed upon direct to your bank account if you have one.

Until you prove otherwise then the ball is in your court.

A receipt dated later than the post you made today at 4.32 PM in this thread is not an option BTW.

goodiesguy
16-10-2010, 04:44 PM
I am against the bypass since being banned.

The XP Pro is legal and genuine. The receipt is probably long gone as it was bought 5 years ago; it still has the book that came with it though, and the disk has the Genuine hologram thingy.

Snorkbox
16-10-2010, 04:47 PM
I am against the bypass since being banned.

The XP pro is legal genuine.

So therefore do you want to prove it and get some money?

goodiesguy
16-10-2010, 04:53 PM
I don't want your money. I can scan the disk and book if you like, to prove it's genuine.

Speedy Gonzales
16-10-2010, 05:02 PM
Activate it then

Snorkbox
16-10-2010, 05:45 PM
I don't want your money. I can scan the disk and book if you like, to prove it's genuine.

Please note. Scanning the disk and book will prove only the fact that the WinXP Pro CD you have is genuine which I did not really dispute.

What I am saying is that as it does not appear to be activated then it is highly likely that it's the same copy you said was genuine earlier and was being used outside the terms of the EULA which is why you had not activated same earlier.

What I asked for was a RECEIPT scanned for proof of purchase of a genuine copy of WinXP Pro dated and timed between the time you were last banned and the time you first posted asking for help in this thread.

Given the problems you have had with this PC in the past with video cards etc., I would have thought you may have gone and got another LEGAL key and/or media, done a backup of your data, and done a fresh install and activated the new installation as a first step on your way to getting a healthy PC.

If you had done that then there would be no remains of:-
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll
in your HJT log would there?

I noted that entry not long after you posted but I failed to point this out earlier as I wanted to ensure that I passed the 15 minute edit limit so the post you made did not change for any reason.

May I now assume you do not actually have a receipt as asked for so therefore you can't scan same? I deliberately left out the amount of money I was prepared to offer as I did not want you to add forgery to your list of things to maybe think about.

To the Mods and others:-
I agree that my posts in this thread are a direct attack on another Member and as such are frowned upon according to PressF1 rules. I will take, without protest, any lumps handed out to me because of the posts I made in this thread.

The Error Guy
16-10-2010, 05:56 PM
I don't like lumps, especially in custard.

Do you use UltraMon? If not (uninstalled) then it should be OK if you get rid of O4 - Global Startup: UltraMon.lnk = ? I seem to remember that you use 2x monitors though, so you most likely still use it.

wainuitech
16-10-2010, 06:21 PM
To the Mods and others:-
I agree that my posts in this thread are a direct attack on another Member and as such are frowned upon according to PressF1 rules. I will take, without protest, any lumps handed out to me because of the posts I made in this thread.

I don't think the comments are out of line. It's against forum rules to help out with known illegal software - so asking for proof now is not out of line if it's been known before, esp. if there's current errrrrrrrr inconsistent entries.

Very easy way to tell if a COA is illegal, as long as the COA was the actual one on the Machine that was being "tested".

I've had to prove to customers in the past that the COA they had installed by a "mate" was in fact illegal, only takes a few seconds -- then they go :blush: :o