# Solved: Slow and at a loss

Discussion in 'Windows XP' started by bastet, Sep 30, 2008.

bastet

Dec 21, 2002
110
Hi all,

For some time now my computer has been getting slower. Hadn't even really realized it, it just sort of crept up. I'm on dial up, but it's way too slow even for that. I searched through the forums and found what could be answers but was too afraid to try them. The only thing new I have installed lately was the new AVG when it came out. I went to check the start up menu but realized I wasn't sure what should or should not be there. I'm not sure how some of the things that I did see on there got there. I run XP. Hopefully someone here can help me. Included is my Hijack log, I hope....Logfile of HijackThis v1.99.1
Scan saved at 4:16:25 PM, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124528794703
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I can't see anything unusual. Here's a stab in the dark - There could be a conflict b/w AVG and something else running like Defender or Symantec. Did the problem start after upgrading AVG?

running 2 virus programs is no good . And you have way to many programs starting when you boot up . I think I counted 25 ( 04 ) on your hijack and I only have 4 when I boot

Thank you both for your replies. JuJu, I do believe it did start after upgrading AVG. Padutch, I did wonder if running AVG and Defender was too much. If Symantec is Norton I let it lapse years ago when it ran out.

About the start up. I'm obviously confused about how those items get on Startup. I don't put them there, do they automatically go there? Which ones do I get rid of? Stupid questions I know but I hope ya'll can answer them. Many thanks Bastet

Well, if they are legitimate services (not malware) then you can turn off a lot of that stuff with msconfig. Goto Start > Run then type msconfig and enter. When it comes up click Startup tab and uncheck unnecessary startup items. If you want to keep AVG then lose the norton and symantec stuff. The Sonic update manager could go, as well as the quicktime and realplayer. They may have to be diabled in their respective program settings because they will probably reactivate themselves otherwise. The one related to MS Money is probably useless, that can go. Cyberlink can go. Start with that and see if it helps. Basic rule of thumb - if it's not anti-virus, anti-malware, or hardware related, it's not necessary. Most of that crap is there for your "convenience", software manufacturers think that you need to have a their program start a second or two quicker or check for updates frequently.

Thanks again JuJu. I will do that and let ya'll know what happens. Should I get rid of everything I don't use everyday (except of course antivirus' and necessary programs)? Why do they go to Startup? Should I keep AVG and get rid of Defender? Bastet

You have Linkscanner enabled. Disable that and see if your response time improves?

Also, as pointed out, running AVG on top of Symantec is a waste of time.

Click Start, click Run, type eventvwr.msc in the Open box, and then press Enter.
Click the Application category.

Look For Recent Errors > Double Click on them > Another Windows Will open > On the Right Side use the Double Notepad icon to copy the error paste them here

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 9/1/2008
Time: 10:26:59 AM
User: N/A
Computer: DHJK9P61
Description:
The description for Event ID ( 5000 ) in Source ( MPSampleSubmission ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: mptelemetry, 8024402c, endsearch, search, 1.1.1593.0, mpsigdwn.dll, 1.1.1593.0, windows defender, NIL, NIL, NIL.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 32 00 .8.0.2.
0020: 34 00 34 00 30 00 32 00 4.4.0.2.
0028: 63 00 2c 00 20 00 65 00 c.,. .e.
0030: 6e 00 64 00 73 00 65 00 n.d.s.e.
0038: 61 00 72 00 63 00 68 00 a.r.c.h.
0040: 2c 00 20 00 73 00 65 00 ,. .s.e.
0048: 61 00 72 00 63 00 68 00 a.r.c.h.
0050: 2c 00 20 00 31 00 2e 00 ,. .1...
0058: 31 00 2e 00 31 00 35 00 1...1.5.
0060: 39 00 33 00 2e 00 30 00 9.3...0.
0068: 2c 00 20 00 6d 00 70 00 ,. .m.p.
0070: 73 00 69 00 67 00 64 00 s.i.g.d.
0078: 77 00 6e 00 2e 00 64 00 w.n...d.
0080: 6c 00 6c 00 2c 00 20 00 l.l.,. .
0088: 31 00 2e 00 31 00 2e 00 1...1...
0090: 31 00 35 00 39 00 33 00 1.5.9.3.
0098: 2e 00 30 00 2c 00 20 00 ..0.,. .
00a0: 77 00 69 00 6e 00 64 00 w.i.n.d.
00a8: 6f 00 77 00 73 00 20 00 o.w.s. .
00b0: 64 00 65 00 66 00 65 00 d.e.f.e.
00b8: 6e 00 64 00 65 00 72 00 n.d.e.r.
00c0: 2c 00 20 00 4e 00 49 00 ,. .N.I.
00c8: 4c 00 2c 00 20 00 4e 00 L.,. .N.
00d0: 49 00 4c 00 20 00 4e 00 I.L. .N.
00d8: 49 00 4c 00 0d 00 0a 00 I.L.....

Well I'm pretty sure I din't do it right. There were several error messages clear back to Sept. 1. Only got the first one.

Since devil_himself hasn't replied, I can tell you that error is from Windows Defender. Personally, I would uninstall it. Do the other errors have MPSampleSubmission as source as well?

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 9/11/2008
Time: 10:42:33 AM
User: N/A
Computer: DHJK9P61
Description:
Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 6d 73 69 6d 6e 2e msimn.
0018: 65 78 65 20 36 2e 30 2e exe 6.0.
0020: 32 39 30 30 2e 35 35 31 2900.551
0028: 32 20 69 6e 20 68 75 6e 2 in hun
0030: 67 61 70 70 20 30 2e 30 gapp 0.0
0038: 2e 30 2e 30 20 61 74 20 .0.0 at
0040: 6f 66 66 73 65 74 20 30 offset 0
0048: 30 30 30 30 30 30 30 0000000
I tried to get a sample of errors on here but again this is all I get. There are plenty more of the MSsample. And then some hangining applications, one of ieExplorer. I uninstalled Defender about 4 hours ago.

On the Start up it might be easier if you could tell me what to keep. There's so much stuff and I don't know what half of it is. Many, many thanks for your time. Bastet

So, you disabled some things in msconfig as well as uninstalled defender and nothing has been resolved? If you can post the most recent error events that might be more helpful. In MSCONFIG > startup tab you can uncheck everything for the time being. Nothing critical in there. You can always re-enable as needed. If there is anything in there you know you don't want and it is still installed, then uninstall them.

A good registry cleaning would be useful but may not solve the problem. A program called Ccleaner is good for that. Use the registry cleaner module to scan and then fix invalid registry entries. It will prompt you to back up registry, do so.

Ok, I unchecked everything in msconfig. The last error was at 10:15 this morning.

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 10/1/2008
Time: 10:15:17 AM
User: N/A
Computer: DHJK9P61
Description:
Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 36 30 30 30 2e .0.6000.
0028: 31 36 37 30 35 20 69 6e 16705 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

I wondered about the registry too. Will try Ccleaner? Is it free? Also forgot to mention ( ) that everytime I shut down a dialog box pops up and says: End Program-TeaTimer.exe and the usual end now or cancel.

Will have to wait a bit to see how much has improved. Thanks Bastet

If your not happy with the results and you are seeing new errors in event viewer, then the best thing to do, if possible, is a clean format and re-install after backing up any data you want to keep. If you do, only re-install one anti-virus and one anti-malware program.

