Why is my pc so slow?

rcpilot2
  Hello, my Windows XP Pro is taking 4-5 minutes to boot and is becoming very, very slow. I have attached my hijack file. I have also scanned with Ad-Aware and found nothing. I am running Symantec Endpoint virus protection and that is up to date. I also ran msconfig and checked out my startup programs, and that appears to be fine. This is a domain client computer (2003 Small Business Server). What else can I try? This is driving me crazy! Any help would be appreciated!
hijackthis.log
Is anything else slow? Anything under the event log? Try disabling all the startup items using msconfig, then go to the Services tab, check "Hide all Microsoft services" and disable the rest. Reboot now and see if it's resolved. If it is, then you can enable a group at a time to narrow it down.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

You can remove these to stop them from starting up with the computer first of all.

O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

Remove this also, this is probably the cause of your problems. This is a Fraudulent Security Program.

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

I've looked this up and it seems to be legit. I would take it off the startup also unless it has an active scan feature.

Use Hijackthis or regedit to remove these.

Commented:
REMEMBER: BEFORE DOING ANYTHING (like this maintenance or a service pack update) BACKUP ALL OF YOUR CRUCIAL DATA!!!!

THEN, I would dump your temps and clean your system. Best way I have used for a couple of years now (both Win XP and Vista) is a free app called "Cleanup!"

http://www.stevengould.org/index.php?Itemid=69&id=15&option=com_content&task=view

After that I would make sure that you don't have a virus or spyware on that PC.

My favorite tool to run for a good sweep and to clean the registry is "Combofix". It has saved my users PCs at least a dozen times and is also a free utility.

Download and complete guide here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I would then clean the registry with something safe and simple (and free) like CCleaner. Use the registry tool to fix any non-spyware or virus related registry issues:

CCLeaner:  http://www.ccleaner.com/download

After all that you should make very sure you don't have a virus and that your PC is protected with an up to date AV app like AVG Free. If you don't have any current AV, then download and install AVG Free here:

http://free.avg.com/

Run a full scan on your PC.

You may also want to ensure you have the latest drivers or that none of your current drivers are corrupt, as well as having the latest BIOS for your motherboard. Those you will have to download from the manufacturer's website (Dell, HP, etc.).

That's about as clean and safe as you can be. Unless there is physical corruption on your hard drive. If you suspect that there may be bad sectors on your HD then run the Windows tool "CHKDSK" at the command line. It will scan for bad sectors, attempt to retrieve any data on them, mark them and then never use them again.

To run check disk go to Start > Run > type CMD > in the dos window that opens, at the command line type "CHKDSK /fix" (no quotes).  Then follow the prompts.

That is about it.

REMEMBER: BEFORE DOING ANYTHING (like this maintenance or a service pack update) BACKUP ALL OF YOUR CRUCIAL DATA!!!!

Nothing could be more important than that backup (to other media like a USB drive or DVD).

Also, many of the tools I suggested are free, but people put a lot of time into creating them to help everyone else out there. Those designers deserve more than credit and they all accept donations. It's good karma to drop them something through PayPal if they help you out.

Good luck.


Has this problem occurred over time, or just overnight?
Do you store quite a bit of files/folders on your desktop?
Is your user profile excessive in size?
Top Expert 2007
Commented:
This entry is bad and needs fixing which is from a Trojan-PSW.Win32.Small.bs

O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe

Hijackthis doesn't delete files, so run tools as already mentioned like MalwareBytes and/or Combofix.
NOTE: DO NOT run these tools in safe mode unless the pc only boots in safe mode. And show us the Combofix log please.





@ thomascheung_net,
Please don't suggest Combofix to be run in safe mode. Combofix and MalwareBytes are designed to be run in normal mode; safe mode is only necessary IF that's the only mode the pc boots.
It's better to only suggest the tools that you know well.

Author

Commented:
Ok I have run a clean sweep and a combofix, and attached the log. Please let me know if you need more info from me. It seems to be getting better in speed. So we are heading in the right direction.
@FlooringPro:
This problem just slowly took over my computer, with very little fanfare. I do not have much stored on my desktop, nor do I have large user profiles.
@thomascheung_net:
I have 2 GB of RAM on this PC
@rpggamergirl:
This entry is bad and needs fixing which is from a Trojan-PSW.Win32.Small.bs

O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
How can I be sure this has nothing to do with my Windows 32 Small Business Server?

log.txt
@rcpilot2
How old is the install? The reason I ask: Windows is notorious for becoming very slow after being installed for a long time. Using XP, in my own experience, I typically re-installed the O/S once every couple of years. If your next question is why does it get slow, then I will defer to one of the other EE's.
Top Expert 2007

Commented:
<<<"How can I be sure this has nothing to do with my Windows 32 Small Business Server?">>>

You don't have to believe me, you can check for yourself, try checking the startup entry in the registry see what it says. Then also check the properties of the file it should give you some information, and do some research.


I know I am sure because many sources confirmed it is.
By the way, it is a password and an infostealer just so you know.

HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\run\
ttool = c:\windows\9129837.exe

ttool <-- startup name
C:\Windows\9129837.exe <-- filename

http://www.bleepingcomputer.com/startups/9129837.exe-16056.html
http://www.threatexpert.com/files/9129837.exe.html
http://www.symantec.com/security_response/writeup.jsp?docid=2006-110710-2700-99&tabid=2
http://www.sophos.com/security/analyses/viruses-and-spyware/trojhiloadd.html
http://www.avira.com/en/threats/section/fulldetails/id_vir/2903/tr_psw.small.b.1.html
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INJECT.ZZ&VSect=T
http://vil.nai.com/vil/content/v_160109.htm
http://74.125.153.132/search?q=cache:gJKBBGIQnTAJ:www.pandasecurity.com/enterprise/security-info/206993/information/Spyforms.BZ+9129837.exe+panda&cd=6&hl=en&ct=clnk&gl=au

Author

Commented:
rpggamergirl,
How do you suggest removing this C:\Windows\9129837.exe <-- filename problem?
Top Expert 2007

Commented:
The file was not showing as one of the files deleted in the Combofix log, though Combofix did remove the relevant service --> Service_new_drv

It's possible that Combofix removed it during its first run (the log shows that CF has been run twice)

The entry was only showing in the Hijackthis startup line, but since Hijackthis cannot tell us if the file still exists, it's hard to know.
You can either check the first combofix log and see if Cf had deleted it, or just manually look for the file --> C:\Windows\9129837.exe

If you can't find it (with hidden files showing) then that could also mean that it's just a remnant reg entry.
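
As an added example (not part of the thread and not any poster's code): a small Python triage of the O4 autostart lines quoted in this thread, which splits each Run value into path and arguments and checks separately whether the file is still on disk, since HijackThis reports only the registry value. The flag names, the digits-only heuristic and the `exists` parameter are assumptions made for illustration.

```python
import os
import re
from pathlib import PureWindowsPath

# Sample input: O4 (autostart) lines quoted in this thread, embedded for offline use.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)


def split_command(cmd):
    """Split a Run value into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_RE.match(cmd)
    return (m.group(1), m.group(2) or '') if m else (cmd, '')


def triage(log_text, exists=os.path.exists):
    """Return one dict per O4 Run entry with heuristic review flags (assumed rules)."""
    results = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        path, args = split_command(cmd)
        p = PureWindowsPath(path)
        flags = []
        # Heuristic (assumption): digits-only executable directly in the Windows folder.
        if str(p.parent).lower() == r'c:\windows' and p.stem.isdigit():
            flags.append('numeric-name-in-windows-dir')
        # HijackThis lists the registry value only; check the file separately.
        if not exists(path):
            flags.append('file-missing-possible-remnant-entry')
        results.append({'hive': hive, 'key': key, 'name': name,
                        'path': path, 'args': args, 'flags': flags})
    return results


if __name__ == '__main__':
    for entry in triage(SAMPLE_LOG):
        print(entry['name'], entry['path'], entry['flags'])
```

Run on the affected PC, the default `exists` check uses the local disk; an entry flagged as missing is a candidate leftover registry value rather than a live autostart.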

Top Expert 2007

Commented:
Or we can let Combofix find it and delete it if still present, using a script.


Run combofix again using this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\Windows\9129837.exe

------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

Author

Commented:
Thanks to all for your help
Top Expert 2007

Commented:
rcpilot2,

It's also a good idea to run an online scan with Kaspersky. It's a very thorough scanner, just to check if it finds any threats that other scanners may have missed. It doesn't remove any viruses that it finds, so you need to save the log.

When you're done with ComboFix you can uninstall it.
To uninstall Combofix:
Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Thanks!
