
CPU slow, no problem detected by scanners

Discussion in 'Windows XP' started by guille_ba, Feb 11, 2007.

  1. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    Hi, lately my CPU became slower and slower and sometimes gets frozen for 2 or 3 minutes. No problems were detected by AVG Antivirus 7.5.441, by AVG Anti-Spyware, by Ad-Aware SE Personal 1.06r1, or by Spybot Search and Destroy 1.4.
    My OS is Windows XP Professional 2002, Service Pack 2 (Spanish version) and the processor is an AMD Sempron 2800, 1.6GHz, 1GB RAM.
    Is there someone that could help to find the problem? Attached you can find my HijackThis 1.99.1 log.

    Thank you.
    Guillermo
    Buenos Aires, Argentina.
     


  2. bonk

    bonk Banned

    Joined:
    Sep 8, 2005
    Messages:
    11,097
    You will get more notice posting like this

    Logfile of HijackThis v1.99.1
    Scan saved at 09:40:35 p.m., on 11/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IVMRun] "C:\Archivos de programa\NCH Swift Sound\IVM\ivm.exe" -logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Archivos de programa\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Archivos de programa\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?22949aa2c9d242b287b26d2f49fe581c
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Archivos de programa\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?22949aa2c9d242b287b26d2f49fe581c
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154755391750
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9781B725-3F0E-4897-BF17-82967BD24C90}: NameServer = 200.45.191.35 200.45.191.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WB - C:\Archivos de programa\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  3. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    ok Bonk, thank you. Here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:40:35 p.m., on 11/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IVMRun] "C:\Archivos de programa\NCH Swift Sound\IVM\ivm.exe" -logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Archivos de programa\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Archivos de programa\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?22949aa2c9d242b287b26d2f49fe581c
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Archivos de programa\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?22949aa2c9d242b287b26d2f49fe581c
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154755391750
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9781B725-3F0E-4897-BF17-82967BD24C90}: NameServer = 200.45.191.35 200.45.191.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WB - C:\Archivos de programa\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  4. bonk

    bonk Banned

    Joined:
    Sep 8, 2005
    Messages:
    11,097
    Clean out the PC of dust


    Make sure all fans are working (including the power supply fan)


    Defrag


    Try emptying your Temp folders.


    Use this free utility

    ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.
     
  5. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    PC is clean, both fans (power supply and processor) are clean and working right, I've already defragged last week (now, total fragmentation is 0% and archive fragmentation is 1%). The Temp folder, in the Windows folder, is almost empty; there is only one unknown archive in use (Perflib_Perfdata_788.dat). ATF Cleaner downloaded and run.
    I cannot understand what you mean when you name the Opera or Firefox browser. I use the Explorer browser directly.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I would keep Emule out of the startups -- and possibly uninstall Stardock during the troubleshooting period.

    This running process, and some others, indicate you are running a server-related application of some kind:

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    That might be Emule; but the service itself is a Microsoft one and would have to be manually disabled.

    Here is a standard list of questions I like to ask relating to "performance" problems:

    PERFORMANCE QUESTIONS:

    0 > when did the problem seem to begin?
    1 > is it very slow to boot up?
    2 > do programs open slowly?
    3 > does the same behavior occur both on and off the internet. Or with no connection at all?
    4 > does it matter how long the system has been on, and does a restart improve things?

    Slow performance issues can often be due to overheating, so if the system is faster after it has been shut down for a while and then restarted -- that would be especially suspect. To check for possible problems here, shut down, open the case and blow out any accumulated dust. Then turn it on and check to see that the fan is working. Sometimes it helps to physically clean the fan.

    If a laptop, check to see that the vent is clear of dust and verify the fan is working. Temps and fan speed can usually be monitored with SpeedFan (except on Dell desktops), a free utility.

    5 > if you do a ctrl-alt-del, do any processes show excess cpu usage, other than System Idle Process?

    6 > If you open the Device Manager (run devmgmt.msc) and select the entry for IDE ATA/Atapi and select the Primary IDE > Advanced Settings, does it say the "current transfer mode" is DMA or PIO?

    If it says PIO, first ensure "Use DMA if Available" is selected, then select the driver tab and uninstall the driver and reboot. Then check again.
    ____________________________________________________________________________
    COMMIT CHARGE

    Do ctrl-alt-del to open up the task manager. Select the "performance" tab. Let me know what you see under:

    Physical Memory

    Total: this is your total installed ram -- "physical" memory
    Available: this is the amt of real "physical" memory presently uncommitted

    Commit Charge

    Total: this is the combination of total physical and virtual memory currently in use
    Limit: this is the total physical and virtual memory available
    Peak: this is the most you have had in use in this session
     
  7. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    Dear Rollin' Rog,
    Thanks for your interest to help me.
    This morning I've done a deep clean of the fans. Once they were disassembled, I found some dust in the dissipater of the processor (the fan did not allow me to see the dust). The power supply fan was normally dirty but I cleaned it deeply anyway. I'm sure this will help.
    Besides that and before I created this post, I cleaned some process using the Hijackthis. The performance improved, but as I'm not an expert... I'm not sure if I deleted every "not needed" process or If I deleted some needed process (I was conservative so I think not).

    Here are the answers to your Performance questions:
    0 > when did the problem seem to begin?
    Since the middle of January. It wasn't sudden; the PC became slower and slower progressively.

    1 > is it very slow to boot up?
    Not at all. It's fast to boot up.

    2 > do programs open slowly?
    No. The problem appears in three main cases:
    a) when I open a new application window (sometimes open the windows, sometimes not, and sometimes it takes a long time to open it)
    b) when I change from an application window to another one (some time PC takes 1-2 minutes to refresh the screen)
    c) when an internet window has to be refreshed

    3 > does the same behavior occur both on and off the internet. Or with no connection at all?
    The behavior is the same (on internet, off internet, and out of connection at all).

    4 > does it matter how long the system has been on, and does a restart improve things?
    Just in order to let you know how long the system is on, I tell you that my PC is usually "on" 24 hours a day (it is my telephone answering machine, my TV, my Music Center, etc). When I restart, most of the time (90%) it improves things but problems come back soon.

    5 > if you do a ctrl-alt-del, do any processes show excess cpu usage, other than System Idle Process?
    When it gets frozen or too slow, I call the Task Administrator application and after 2-3 minutes it appears. Only a few times, the CPU usage line (at the performance graphic tab) reaches 100% but only for a short period (just a little more than a peak). This short horizontal line always appears after the PC got frozen, but I can never see what process causes this horizontal line at 100% because when the PC is frozen I cannot select the process list tab in the task manager, and once the CPU usage list appears the process is over. Most of the time, the CPU usage is under 5-10% and the most used process is the "system inactive process" (90-99%) most of the time. I'd like to ask you something: is it normal to see a list of processes in the Task Manager larger than the list of processes in the HijackThis log? Because this happens at this moment.

    6 > If you open the Device Manager (run devmgmt.msc) and select the entry for IDE ATA/Atapi and select the Primary IDE > Advanced Settings, does it say the "current transfer mode" is DMA or PIO?
    Transfer mode: "DMA if available"
    Actual Transfer mode: DMA Ultra mode 2
    ____________________________________________________________________________
    COMMIT CHARGE
    Do ctrl-alt-del to open up the task manager. Select the "performance" tab. Let me know what you see under:
    Physical Memory
    Total: 982512
    Available: 494320
    Caché: 528928

    Commit Charge (I have the Windows XP Spanish version, let me know if you're talking about the "transactions charge").

    Total: 429312
    Limit: 2370100
    Peak: 552464 (Maximum)
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Assuming you are taking that commit charge reading after the system has been on for an extended period and you are beginning to experience the problems reported -- it does not appear they are due to resource usage.

    So, considering that you say the problem usually improves after a reboot -- it may be the cooling period here that is helpful.

    Speedfan may help you monitor temperatures -- that is unless you have a Dell.

    >>
    -- yes

    By the way, how old is this computer? ULTRA DMA 2 is a bit on the slow side for the hard drive primary IDE -- but normal for secondary IDE CD/DVD drives.
     
  9. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    I bought this computer 9 months ago. It has two identical Western Digital HDD of 250GB each one, connected by SATA cable. Additionally I have one CD reader and one DVD writer, both connected by ide cable.
    Could I change/check something on the software or hardware configuration to improve that "ultra DMA 2"?
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm not sure how this issue applies to SATA drivers -- it may be that what you are looking at is not relevant to SATA configurations. Please pardon my ignorance on this.

    I think what you are seeing is the IDE DMA mode for the CD or DVD drive and for that it would be normal.

    It's possible you might get an answer in the Hardware forum if you want to start a thread specific to that question.
     
  11. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    The problem is still alive. A few minutes ago, two applications (an IE window and Microsoft Outlook) were frozen, I called the task manager and saw that the CPU usage was between 0 and 2% (while the applications were still frozen). I noticed that there was a process called "csrss.exe" that used only 2% for a few seconds. I don't know this process so I visited the sysinfo web page (http://www.sysinfo.org/startuplist.php?filter=csrss.exe) and now I'm worried because this might be a virus. Do you know it?

    Thank you for your suggestion visiting the hardware forum. Surely I'll go there.
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    That is a Microsoft process as long as you see it in the system32 directory.

    Have you tried disabling Emule?

    Let me see a services profile and we can try disabling some unrequired Microsoft services -- you have quite a number there and I'm not sure what purposes they are serving.

    To do this run HijackThis again, and this time select the "MiscTools" section.

    Be sure to put a check in:

    "list also minor sections (full)" and then click "generate startup list"

    Post that.
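
Added example, not part of any post in this thread: a small Python triage script for a HijackThis-style log that applies the check described above (a core Windows process is expected only in its usual directory) and lists the O4 Run-key autostarts discussed earlier. The sample log is constructed from lines in the thread plus one constructed `C:\WINDOWS\Temp\csrss.exe` line; the function names and the expected-directory table (system root assumed to be `C:\WINDOWS`) are assumptions of this example.

```python
import ntpath
import re

# Expected directory for core Windows XP processes, assuming the system
# root is C:\WINDOWS as in the thread's log (assumption of this example).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample in HijackThis 1.99.1 layout. All lines come from the
# thread except C:\WINDOWS\Temp\csrss.exe, which is made up for the demo.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\csrss.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Archivos de programa\eMule\emule.exe -AutoStart
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Section lines look like "O4 - ..." (also R0-R3, F0-F3, N1-N4).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\S+): \[(.+?)\] (.+)$")


def parse_log(text):
    """Split a log into (running process paths, [(section code, body)])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def misplaced_system_processes(processes):
    """Return paths whose file name is a core process but whose directory
    is not the expected one. Comparison is case-insensitive, as on Windows.
    8.3 short names (e.g. ARCHIV~1) are not expanded here."""
    findings = []
    for path in processes:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and ntpath.normcase(directory) != expected:
            findings.append(path)
    return findings


def run_entries(entries):
    """Extract O4 (Run key) autostarts as dicts for review."""
    found = []
    for code, body in entries:
        match = RUN_RE.match(body) if code == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found.append(
                {"hive": hive, "key": key, "name": name, "command": command}
            )
    return found


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for path in misplaced_system_processes(procs):
        print("unexpected location:", path)
    for item in run_entries(ents):
        print("autostart:", item["hive"], item["name"], "->", item["command"])
```

A name match in the right directory is only a first filter; it does not verify the file itself.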
     
  13. guille_ba

    guille_ba Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    30
    Ok, here is the startup list like you asked:

    StartupList report, 13/02/2007, 11:51:56 p.m.
    StartupList version: 1.52.2
    Started from : C:\Archivos de programa\Hijackthis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
    C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMJB.EXE
    C:\ARCHIV~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
    C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    !AVG Anti-Spyware = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    AVG7_CC = C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    eMuleAutoStart = C:\Archivos de programa\eMule\emule.exe -AutoStart

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Regedit.exe has no CompanyName property! It is either missing or named something else.
    - Regedit.exe has no OriginalFilename property! It is either missing or named something else.
    - Regedit.exe has no FileDescription property! It is either missing or named something else.

    Registry check failed!

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    (no name) - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Archivos de programa\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    1-Click Maintenance.job
    Check Updates for Windows Live Toolbar.job
    Spybot - Search & Destroy - Scheduled Task.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Archivos de programa\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab

    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154755391750

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
    NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Servicio de ayuda de IPv6: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
    Servicio de alerta: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Audio de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    AVG Anti-Spyware Guard: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG7 Alert Manager Server: C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
    AVG7 Update Service: C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
    Servicio de transferencia inteligente en segundo plano: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Examinador de equipos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Servicios de cifrado: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Iniciador de procesos de servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Administrador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Servicio de informe de errores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Registro de sucesos: %SystemRoot%\system32\services.exe (autostart)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Ayuda y soporte técnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Administración de IIS: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
    Escucha de RIP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Estación de trabajo: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Ayuda de NetBIOS sobre TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Publicación en FTP: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
    Message Queuing: C:\WINDOWS\system32\mqsvc.exe (autostart)
    Message Queuing Triggers: C:\WINDOWS\system32\mqtgsvc.exe (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
    Servicios IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
    Almacenamiento protegido: %SystemRoot%\system32\lsass.exe (autostart)
    Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Llamada a procedimiento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    Administrador de cuentas de seguridad: %SystemRoot%\system32\lsass.exe (autostart)
    Programador de tareas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Inicio de sesión secundario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Notificación de sucesos del sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Firewall de Windows/Conexión compartida a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Detección de hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Servicios simples de TCP/IP: %SystemRoot%\system32\tcpsvcs.exe (autostart)
    Protocolo simple de transferencia de correo (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
    Servicio SNMP: %SystemRoot%\System32\snmp.exe (autostart)
    Cola de impresión: %SystemRoot%\system32\spoolsv.exe (autostart)
    Servicio de restauración de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Adquisición de imágenes de Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Cliente de seguimiento de vinculos distribuidos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    TuneUp Design Expansion: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Horario de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Publicación en World Wide Web: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
    Cliente Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Instrumental de administración de Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Centro de seguridad: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Actualizaciones automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Configuración inalámbrica rápida: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

    --------------------------------------------------
    End of report, 14.691 bytes
    Report generated in 0,375 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, the language issue poses a bit of a problem for me, but probably won't for you if the service display names are similar to what is reported here:

    Publicación en FTP: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
    Message Queuing: C:\WINDOWS\system32\mqsvc.exe (autostart)
    Message Queuing Triggers: C:\WINDOWS\system32\mqtgsvc.exe (autostart)
    Servicios simples de TCP/IP: %SystemRoot%\system32\tcpsvcs.exe (autostart)
    Protocolo simple de transferencia de correo (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
    Servicio SNMP: %SystemRoot%\System32\snmp.exe (autostart)
    Publicación en World Wide Web: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)

    What I'd like you to do is to run services.msc and find each of those services.

    You will see an option to STOP the service -- try stopping all of them.

    Does that make a difference in your system's behavior?

    If it does -- and they are set to "automatic" startup -- try setting them all to "manual". Right click on each > Properties > you will see the configuration page. This shouldn't break anything as they will start if called by an application. Reboot afterwards.

    Option 2 is to set them to "disabled" which will keep them from starting even if called. This might affect some of your programs -- perhaps MSN messaging or something related.

    If you set them to manual and reboot -- post another HijackThis scanlog -- not the startuplist -- just the scanlog so I can see if any got restarted by an application calling them.
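
The display names in this log are localized, but the executable paths are not, so the services listed in the post above can be picked out of the report by image name. The following is an added example, not part of the original post or of the StartupList tool; it runs over a constructed subset of the log's service lines, and the function names and target set are this example's own assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of service lines copied from the StartupList log in this thread.
SAMPLE = r"""
Publicación en FTP: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Message Queuing: C:\WINDOWS\system32\mqsvc.exe (autostart)
Message Queuing Triggers: C:\WINDOWS\system32\mqtgsvc.exe (autostart)
Servicios simples de TCP/IP: %SystemRoot%\system32\tcpsvcs.exe (autostart)
Protocolo simple de transferencia de correo (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
Servicio SNMP: %SystemRoot%\System32\snmp.exe (autostart)
Publicación en World Wide Web: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
AVG Anti-Spyware Guard: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
Iniciador de procesos de servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cola de impresión: %SystemRoot%\system32\spoolsv.exe (autostart)
"""

# Images behind the seven services listed in the post (taken from those log lines).
TARGET_IMAGES = {"inetinfo.exe", "mqsvc.exe", "mqtgsvc.exe", "tcpsvcs.exe", "snmp.exe"}

LINE = re.compile(r"^\s*(?P<name>.+?): (?P<cmd>.+?) \((?P<start>\w+)\)\s*$")
IMAGE = re.compile(r"(.+?\.(?:exe|sys))(?:\s|$)", re.IGNORECASE)

def image_name(cmd):
    """Return the lower-cased executable file name from a service command line."""
    m = IMAGE.match(cmd)  # handles paths with spaces; falls back to the first token
    path = m.group(1) if m else cmd.split()[0]
    base = ntpath.basename(path).lower()
    return base if "." in base else base + ".exe"

def parse_services(text):
    """Yield (display_name, image, start_type) for each service line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group("name"), image_name(m.group("cmd")), m.group("start")

def targets_by_image(text, images=TARGET_IMAGES):
    """Group the display names of matching autostart services under their shared image."""
    grouped = defaultdict(list)
    for name, image, start in parse_services(text):
        if image in images and start == "autostart":
            grouped[image].append(name)
    return dict(grouped)

if __name__ == "__main__":
    for image, names in sorted(targets_by_image(SAMPLE).items()):
        print(image, "->", "; ".join(names))
```

Grouping by image shows that three of the listed services run from the same `inetinfo.exe` binary, which is useful when comparing a later log to see whether any of them came back after being set to manual.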
     
  15. Carey934

    Carey934

    Joined:
    Feb 13, 2007
    Messages:
    150
    Download and run Ccleaner from www.ccleaner.com

    Make sure to use the ISSUES button to clean the registry after you clean the hard drive with the top button.

    It's free and completely safe. It should speed your system back up.
     