NoBoDyDD

computer slow

Hello,
Recently the computer started to be slow; when I click something it takes longer than it used to.


HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:42:59 PM, on 7/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Passwdrenew - Unknown owner - C:\Windows\System32\rnpasswd.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8062 bytes

ASKER CERTIFIED SOLUTION
NLKornolio

NoBoDyDD

ASKER

Already done CCleaner & Disk Defragmenter, and resmon shows really nothing that used CPU.

Memcheck, I will try it.
What is your setup?

My only bottlenecks are the hard disks. Try hdtunepro to check your disks for errors. Is it slow on all disks?
Try removing programs from your startup with msconfig and try to determine if it's one of your programs.

I can't see anything special in the HijackThis log, only a few things I would kill, but maybe you know them.

very consuming
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

don't know
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) -
 @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner
CPU Q9650
GPU GTX 550 TI
RAM 8 GB
system 64bit windows 7
hdtunepro shows no errors
lauchangkwang
Try clicking Start > type "msconfig" > "Startup" tab > uncheck the software that you do not want to load or that is not used frequently; it may help out.
@NLKornolio -
You should know that HJT cannot properly function on a 64 Bit system.
Read this:
HijackThis reports missing files on 64-bit Systems:

@NoBoDyDD:
HijackThis was a fine program many years ago but it hasn't been fully updated for years - and has NEVER been able to properly function on a 64 Bit system.

You will be much better using OTL (OldTimer's List-It)  which is kept current and updated on a regular basis.

Please review the information in this EE Article and run the tools that will help you identify the services you are actually running on that system:
https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_10722-Links-Tool.html

You can download it here:
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
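
Added example, not part of the original thread or of HijackThis itself: HijackThis is a 32-bit program, so on 64-bit Windows its reads of C:\Windows\System32 are redirected to SysWOW64 and 64-bit-only service binaries show up as "(file missing)". The Python code below triages O23 lines on that basis; the sample lines are copied from the log above except the constructed "Example Service" entry, and detecting 64-bit Windows from a "Program Files (x86)" path is an assumed heuristic.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread,
# plus one made-up "Example Service" entry to show the non-System32 case.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%SystemRoot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Example Service (example) - Unknown owner - C:\Program Files (x86)\Example\example.exe (file missing)
"""

O23 = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def looks_64bit(lines):
    # Heuristic (assumption): "Program Files (x86)" only exists on 64-bit Windows.
    return any("\\program files (x86)\\" in line.lower() for line in lines)


def triage_o23(log_text):
    """Return {service name: verdict} for every O23 line in a HijackThis log."""
    lines = [line.strip() for line in log_text.splitlines() if line.strip()]
    is_64bit = looks_64bit(lines)
    verdicts = {}
    for line in lines:
        m = O23.match(line)
        if not m:
            continue
        if m["missing"] is None:
            verdict = "file found"
        elif is_64bit and SYSTEM32.match(m["path"]):
            # A 32-bit scanner asking for System32 is redirected to SysWOW64,
            # so 64-bit-only binaries look absent. Verify with a 64-bit tool.
            verdict = "probable WOW64 redirection artifact"
        else:
            verdict = "missing: check manually"
        verdicts[m["name"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage_o23(SAMPLE_LOG).items():
        print(f"{verdict:40} {name}")
```

The verdict only explains the "(file missing)" flag; it says nothing about whether the service itself belongs on the machine, which still has to be confirmed with a 64-bit-aware tool.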
I never knew that HijackThis ain't working right for 64-bit, thanks for the info.

I scanned with RogueKiller and it shows me this:
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Root [Admin rights]
Mode : Scan -- Date : 10/03/2012 23:34:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 7e792c983f400009c11e63d3b197cc85
[BSP] c7bce29bc28daad0b8b4c030afcc77fb : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
And I attached the otl.txt and extra
OTL.Txt
Extras.Txt
Why do you have "hackforums.net" in your proxy settings?
'Cause I visited it from time to time and they just have an anti-proxy thing, but I never opened anything from hackforums on this PC.
Registry Entries: 2 found by Rogue

And I'm thinking of removing Avira and switching to NOD32. What do you think?

Done a scan with Malwarebytes' Anti-Malware; found nothing.
Just so you know, you don't need to manually allow sites like that to do anything on your computer. Just visiting and/or allowing them to plant a cookie can/will lead to huge problems. I personally would never go to a site like that and would recommend that you stay away from it.

I think you would be ahead of the game to use Microsoft Security Essentials (Free) and buy a lifetime license from Malwarebytes (US$25).

Run RogueKiller again and run all of the Menu Options to let it auto-fix anything it finds.

Below are three basic EE Articles for attacking malware problems (including one to prevent it):

https://www.experts-exchange.com/A_1958.html MALWARE - "An Ounce of Prevention..."
https://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
https://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
Hello NoBoDyDD et al,

Reading this thread, there are some very good suggestions and troubleshooting paths to follow.  

Something that I may have missed and I am not sure if this was covered or if this was something that was assumed, but when I am troubleshooting a performance issue, one of the first steps I take is to run my AVs in Safe Mode (I install and run Malwarebytes, Spybot, Superantispyware and Avast all at the same time).  Viruses are like cockroaches in the daylight when it comes to Safe Mode - the majority of them cannot run in Safe Mode.  This is not foolproof as it will catch the lower to medium grade viruses, but does give you a good base to work from.

Second, may I suggest (as a troubleshooting tool) to run Msconfig, go to the Startup tab and 'disable' ALL of the programs and services that are being loaded when your system boots.  As a precaution, I take screen shots of the 'before' so that if nothing changes, then I can put things back to what they were.
  NOTE: But before you do this, you need to find something that you can compare your
              results to.  Timing the loading of a large application (Quickbooks, TurboTax).
              Do this about 5-10 times to get a good symptom variable, then make your changes.
              Otherwise, you are troubleshooting in the dark if you do not have a good symptom
              variable.

Third, you may want to consider running Perfmon to get an idea of what your system usage profile is.  A simple little tool I use to see inside the system is Moo0 system monitor.  It is FREE from CNET and does a good job of indicating the 'bottlenecks', which is what you are interested in - it is nothing fancy, but it is basic enough to see what is going on.

Rojosho...
Sorry NoBoDy,

Forgot one other thing.  

May I suggest that you check what items are being scheduled at boot up and during normal hours.  Through the course of usage, downloading and web surfing, 'things' get added to your Task Scheduler.  Google is one of the vendors that will add GUpdate to run every hour, defragging applications will run at bootup time, Ask and Yahoo will add their bits... and all of these add up to one thing ==> Performance hits.
** To get to the Task Scheduler ==> Lower Left Hand Corner to the Windows Globe ==>
All Programs ==> Accessories ==> System Tools ==> Task Scheduler
** If you are not sure what to do at this point, maybe take some screen shots and post them and let us assist you.

On this topic of uninvited apps and programs.  Going to the 'Uninstall Applications' section would also be a good move.  I would remove anything that looks like a 'task bar' application as these tend to invite spyware and adware.  Even though spyware and adware are not considered viruses, they do fall into the category of Malware and each object that is loaded on your system is like a leech that drains the 'life source' from your system... Wow, I need to stop reading so many adventure novels... anyway, I hope you see my point.

Rojosho...


Rojosho
Dear NoBoDyDD,

I am sorry, but I cannot assist you any further on this question.  Perhaps there may be another Expert here who can, and so if no one else posts within 24 hours or so, I encourage you to click 'Request Attention', and (politely) ask the Moderators for help in bringing in some additional Experts.

I wish you good luck in this endeavor, and perhaps I will be able to help you on some future question.

I will no longer be monitoring this question and have turned off the email notification of comments.

Sincerely,
Turn indexing off on your disk that holds all the VMware virtual machines and vmdk's, if it's on?

Also if above doesn't work unlist all your indexing and enable it afterwards. Disable indexing as above.

How full are your disks and which do you have ?

Is eventviewer not showing strange things ?
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.