Seriously Slow System

Nellington · Feb 1, 2009

Hi guys, my Laptop, for no apparant reason decided to slow right down to the point where it is pretty unusable right now. Difficult to explain, when Windows is started and you get the "windows startup tune" the computer is seriously labouring to play it and the sound is fragmented. The same is true playing any media files, videos or music, etc. When I click on the "start" button on the task bar it can take up to 45 seconds for the menu to appear, which is obviously not right and has never done this previously.

Before posting here I tried to cover a few of the bases to see if I could figure this out myself. So far I have used CCleaner to remove a load of crap from my hard drive, I have plugged in an external hard drive and removed all of my media files, photos etc to free up some space on the C: drive, I have run AVG8, SpyBot, Mbam, superantispyware and have found no problems. I have defragged the C: drive, defragged the registry, and run chkdsk on the C:, changed the startup properties to reduce the number of programs activated on startup. None of these things have helped, so just to be on the safe side I have also replaced my 1GB of Ram with 2GB in case the memory was playing up. This has made no difference.

On of the things I have noticed is that the system resources seem to be really high even when nothing is running, so I thought I would list the processes running when I am doing nothing other than using the internet, would anyone out there be able to tell me if any of the processes are malicious or not needed so I can go about fixing this?

As we speak I have IE open and task manager during which time I have running:

taskmger.exe
wscntfy.exe
aolsoftware.exe
aolsp scheduler.exe
svchost.exe
KHALMNPR.exe
hpswp_clipbook.exe
KEM.exe
alg.exe
iexplore.exe
ctfmon.exe
igfxpers.exe
hkcmd.exe
igfxtray.exe
aolsoftware.exe
avgcsrvx.exe
svchost.exe
TEKS_Service.exe
Wbload.exe
wanmpsvc.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
CTSVCCDA.exe
avgwdsvc.exe
svchost.exe
svchost.exe
inCDsrv.exe
svchost.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
AOLacsd.exe
smss.exe
avgnsx.exe
avgnsx.exe
avgemc.exe
spoolsv.ee
explorer.exe
system
system idle process

Are any of these malicious or unnessercary?

In case it makes a difference I am running XP Home Edition ver 5.1, have 2GB of RAM, 1.5ghz Celeron M processor.

Cheers guys, sorry for the super long message!!!!!!

TimW · Feb 2, 2009

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

To avoid addtional delay in getting a response, it is strongly advise that after completing the READ & RUN ME you also read this sticky Don't Bump! It Only Hurts You!!!. Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

Nellington · Feb 3, 2009

Hello,

Thanks for this, I have followed the instuctions:

1) I have changed the startup mode to normal in msconfig
2) I have downloaded the most recent version of Java and removed the older version from add/remove programs
3) I used add/remove programs and compared with the list given in the link, I had "Viewpoint media player" which was listed and have removed this. I also removed something called "KTP Ware PS/2-WDM" which looked a bit iffy when I did a search for it in google.
4) Due to problems I was having with combofix I followed the instructions with regards to TDSSserv, it is not present
5) I ran CCcleaner
6) All files and folders set as requested (i.e. not hidden)

I ran:

1) Super anti-spyware (log attached)
2) Spybot SD (Log attached)
3) Malwarebytes Anti Malware (log attached)
4) Combo fix - This would not run in normal startup mode, after clicking on the icon a timer would appear on the screen at which point the system would freeze and require restarting. I tried this a number of times, it would not work. I then restarted in safe mode, the program then started and gave me the message "current date is 03/02/2009 combofix has expired, click yes to run in reduced functionality mode, click no to exit". I click yes and ran the scan (log attached). When I tried to access combofix a second time to see if I could update it, the folder has no emptied itself? The folder that I was using is now empty with no files and 0kb showing in properties?!?!
5) MGtools (Zip file attached)

I will post the attachments that won't fit into this into a another reply to this thread.
Cheers guys!!!

Nellington · Feb 3, 2009

The other 2 logs attached to this reply!!

TimW · Feb 3, 2009

Your logs are clean. I suggest you post in the software section regarding your slow issues.

If you are not having any other malware problems, it is time to do our final steps:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Nellington · Feb 4, 2009

Wow, I didn't expect that!! Thanks for taking the time to look into this for me, I appreciate it. The "View point media" thing turned up again so I deleted it again. Only thing, for some reason my AVG8 anti-virus will no longer work?!?!?

When I hit the AVG8 icon I get the following message:

C:\program files\avg\avg8\avggui.exe
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

When I try to uninstall or repair I get this message:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

Is this something that has occured as a result of some of the software I have been using to scan my system or is it symptomatic of something else??

TimW · Feb 4, 2009

Viewpoint will keep coming back whenever you use AOL software.

As to AVG, it has been problematic for many users. I suggest you post in the software forum for assistance with that issue --- or just get some help to uninstall it and choose a different AV program.

Log in or Sign up

Seriously Slow System

Nellington Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Nellington Private E-2

Attached Files:

SAS LOG.txt

SpybotSD.Log.txt

mbam-log-2009-02-03 (20-16-16).txt

Nellington Private E-2

Attached Files:

combofixlog.txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Nellington Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member