
Slow surfing - here is my HT log

Discussion in 'Windows XP' started by chredge, Oct 2, 2008.

Thread Status:
Not open for further replies.
  1. chredge

    chredge Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    361
    Hi All,

    Hope you can help me here.

    Lately I have noticed that my PC is really slow when surfing the interweb. I usually have Peer Guardian, Utorrent and Avast running all at the same time without much slow-down but recently it's been running super slow and web pages take a long time to load (any images on those pages take even longer).

    Here is my HT log to help with any investigations.

    Many thanx in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:00:14, on 30/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\APPLICATIONS\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

    --
    End of file - 3662 bytes

    Cheers,

    C h r e d g e.
     
  2. chredge

    chredge Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    361
    No-one???
     
  3. oshwyn5

    oshwyn5

    Joined:
    May 23, 2007
    Messages:
    730
    Well, when you post a HijackThis log, you basically have to wait for an authorized malware expert to review it. You get faster service on the malware board than the OS specific board.

    That aside, at a minimum they will want you to re-enable all the things you disabled in msconfig so they can see what is installed and disabled.

    But

    Why you should not use MSCONFIG to control startup entries in XP
    If you have been using MSConfig as a startup manager please read this: http://forums.majorgeeks.com/showthread.php?t=149804

    http://support.microsoft.com/kb/310560


    The first method you should always try is to see if the application itself has an entry under edit / preferences or tools / options or a similar location to control its startup behaviour. The software author knows his product better than anyone else, and he went to a lot of extra effort to include these entries if they are there. You must therefore consider that he may know what he is doing (if not, why do you use his product) and included these for a specific reason (rather than just a note in the readme.txt file or help file telling you to type msconfig and uncheck the entry there).
    Back in the days of DOS, you had to add a line in, say, the autoexec.bat file to launch something on startup. You could just rem out that line and it would not start; or delete it, since you probably knew what it was and could add it back if you wanted.
    But gradually Windows became more complex. Win95, 98, and ME not only use the autoexec.bat, and files like config.sys and system.ini, but primarily use a registry consisting of two files, user.dat and system.dat. This makes controlling startup entries more complex; but since most programs just put in one run entry in the registry, disabling that with a startup manager or msconfig generally was enough (although for some you really should also check the system ini files and autoexec.bat, especially with things like antivirus and firewall applications). Just unchecking the msconfig entry leaves the possibility of overlooking components which continue to run invisibly, eating up resources and often not allowing the resources of the associated program to be released and reused if you open the program and then close it (a Memory Leak, or at least one variety).

    But Windows continued to get more and more complex. XP does not use just two files to save and open the registry. The XP registry is built from scratch each time you boot based on five or more hive (.hiv) files, of which the msconfig startup entry HKLM_run is just one of many places an application may load components. In fact, generally an application loading at startup loads different components at different times during the boot sequence based on which hive the entry is in. Some may load before you log in, some after. In addition there are many other places (Services, SSODL entries, etc.) where a program may include startup entries which may not show in your registry, but will nonetheless load components of the application. Thus it is not advisable to use simple techniques like unchecking MSCONFIG entries; you may not have disabled as much as you think.

    Startup managers, like CodeStuff Starter, tend to be more "complete" in their dealing with an application and its "dependencies", but you should still check first to see if the author included control options in his application. (Tip: with CodeStuff Starter, you can "edit" startup entries to move them from the Current User, which loads after you log in, to All Users, which loads before, to speed up how quickly you can use things after the desktop loads.)

    Yes, there are still programs out there which do not really install. You could just copy their folder to a removable drive and run it from there on any computer; and there are still programs out there which only have the single registry entry. Generally you can recognize them because they have no option in the program itself to control startup (big surprise that if the author does not think there is a need to include this extra work you generally can just uncheck the entry). And yes, it is not always disastrous to incorrectly disable a program's startup. But if you are trying to improve performance, it is best to do things correctly.

    In XP I strongly advise against disabling anything using MSCONFIG. While in older versions of Windows there was a single registry used by all users and the startup entries were just one location which you could check and uncheck in msconfig with relative safety, this is no longer so.
    In XP the registry is built from scratch each time you start up based on five or more files called hives which load at different times during startup. Some do not load until you log in with your username and password. The MSCONFIG entry is just a single place where a program may enter startup entries. It could have AppInit DLLs, SSODL entries, Windows service entries, scheduled tasks, and several other startup entries, all designed to load different portions of the application at specific points during Windows bootup. MSCONFIG disables just one of these. This can lead to far worse problems than the one you are attempting to combat. So please, unless specifically told to do so as part of a troubleshooting procedure by someone who actually knows what they are doing, do not disable anything with msconfig.
    The proper way to disable startup entries, whenever present, is to use the application's own edit / preferences or tools / options. The author went to a lot of extra effort to include these entries and did so for a specific reason.


    So the best thing to do is to look in the system tray at lower right.
    Any of the programs running there at startup? Check to see if they have an edit / preferences or tools / options entry or other method included in them to control their startup behavior. If so, use it.
    You can also check in the start / programs / startup folder.
    If you find an entry there for something which does not include a method of controlling startup within the program itself, go and move it out by dragging and dropping it into its own folder.

    ================================================

    Secondarily in my opinion Peer Guardian is basically worthless providing a false sense of security since the RIAA and MPAA do not use "trap" websites to catch you but monitor traffic on the torrent ports and check the packet headers to identify stolen material.

    And most sites will not help thieves using P2P and Torrents since they get what they deserve.
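
Added example, not part of oshwyn5's post and not code from HijackThis: a Python script that groups the entries of a HijackThis log by autostart location (the Run key alongside services, AppInit DLLs and SSODL, the locations the post lists) and picks out O23 services whose vendor field is empty or "Unknown owner" for manual review. The section-code subset and the function names are choices made for this example; the sample input is an excerpt of the log posted at the top of this thread.

```python
import re
from collections import defaultdict

# Subset of HijackThis section codes that record autostart locations.
AUTOSTART_SECTIONS = {
    "O4": "Run key / Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O23 body: "Service: <name> - <vendor, may be empty> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")

# Excerpt of the log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
"""

def group_autostarts(log_text):
    """Map each autostart section code to the entries found under it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(1) in AUTOSTART_SECTIONS:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def services_without_vendor(log_text):
    """Return (name, path) for O23 services with an empty or 'Unknown owner' vendor."""
    flagged = []
    for body in group_autostarts(log_text).get("O23", []):
        m = SERVICE_RE.match(body)
        if m and m.group("vendor").strip().lower() in ("", "unknown owner"):
            flagged.append((m.group("name"), m.group("path")))
    return flagged

if __name__ == "__main__":
    for code, entries in sorted(group_autostarts(SAMPLE_LOG).items()):
        print(f"{code} ({AUTOSTART_SECTIONS[code]}): {len(entries)} entries")
    for name, path in services_without_vendor(SAMPLE_LOG):
        print(f"  no vendor recorded, check by hand: {name} -> {path}")
```

A service with no vendor string is only a prompt to look at the file and its installer, not a verdict on it.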
     
  4. redoak

    redoak Gone but never forgotten

    Joined:
    Jun 24, 2004
    Messages:
    6,782
    Didn't you receive my PM?

    "I am following a recommended procedure with this "PM."

    "Click "Report" and ask that your Thread be transferred to the "Security/HJT" Forum."

    {redoak}
     

Short URL to this thread: https://techguy.org/755360
