My slow computer is driving me mad

clinteestwood

wm.Xen wrote: »

What are you talking about?

Defragmenting greatly increases computer performance. Of course it'd help.

ye, except defragging can take a very very very very veeeeeeerrrrrrryyyyy long time.... especially if the computer is already lethargic.

closed

(optional) advice based on your log which may help to improve speed and tidy things up.
__________________________________________________


Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. Also Tick the java cache tick box under CCleaner, applications, internet to wipe the java cache which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim

Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe

Click the java icon in control panel, advanced, misc - untick java quick starter, and untick place icon in task bar

Click the java icon in control panel, updates, untick check for updates

__________________________________________________

__________________________________________________

Using Hijackthis, tick and fix these entries

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6770.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\jpbs\setup.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (file missing)


__________________________________________________

Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox plugins that you don't need. This is a list of the IE BHO's evident in the log

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

__________________________________________________

Unless you need them running all the time, use the startup tab in msconfig to disable these items from running at startup (they can always be run manually if needed)

O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

__________________________________________________

If you want a speedy machine, Use windows firewall and replace your antivirus and security software with avast 6 free - (a fast and lightweight virus scanner with good detection rates) http://www.avast.com/free-antivirus-download :

This is a list of (or remnants of) security software evident in your log, you may wish to uninstall these in Control Panel (add/remove programs or programs/features) to keep your PC running smoothly, too much overlapping or bloated security or useless tuning software can have a drastic effect on performance - always leave one resident scanner running (eg avast/avira etc)

---- rapport

---

O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (file missing)

---- avg

---

C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

---- doctor

---

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsGui.exe" /hideGUI
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

---- PCTools

---

O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

__________________________________________________

__________________________________________________

Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). In windows explorer, go to c:\windows\tasks, click on the clean system memory task, schedule, advanced, and change it from every 30 minutes to every 5 minutes, then ok, ok. Find c:\program files\cleanmem\mini_monitor, run it and right click the icon (near the clock) to set it to automatically run at startup, show percentage to keep an eye on your ram use. If your machine is still slow after doing everything listed, post your commit charge and installed physical ram details from task manager performance

In internet explorer, click on tools, internet options, advanced, disable script debugging to stop this running

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

__________________________________________________

start, run, msconfig, select services tab, disable these services UNLESS you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)

SSDP Discovery Service
Remote Registry
WebClient
Distributed Link Tracking Client

Also disable these services if you don't use them by running msconfig, services tab

C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

AVG10 Is out of date, you may wish to update or preferably uninstall it and replace with avast

C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

GlynD

We're running into the realms of too much information now chaps. I know you all mean well but for the record:

This machine is set for performance and is running well. It is defragmented every other day.

The issue is a failure of the CMOS startup when trying to do a softboot. Even a hardboot requires the machine to sit switched off for at least 10 minutes before I get a CMOS screen.

GlynD

RussJK wrote: »

Well you have two separate issues - the motherboard/bios issue, and the rootkit/trojan.

It may be worth posting the hardware question as a new thread if you want more eyes on it. You can find out what your BIOS is by doing a search in Regedit for "SystemBiosVersion", or look in HKLM > Hardware > Description > System, then see the two SystemBios keys.

It's looking to me as if the rootkit/trojan issue is solved - unless you disagree?

I've found the bios version it's A_M_I - 4000809

Now how can I find the correct formware to flash that? If that doesn't work then I will post a new thread for the techies. I think you;re doing a very good job btw which is why I haven't up until now because, as we can see, sometimes too much information is just too much.

aliEnRIK

id suggest combofix as Russ suggested

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

Bios shouldnt need flashing if it worked before. If you DO flash and it goes belly up, its dead

GlynD

I've run combofix and it came up with a clear run and didn't produce a log. I also ran the CC scan, Kapersky and the other couple of programs suggested. Everything is clear. I've run Revo and removed Rapport and remnants of any other programs which were there. Threatfire did not appear.

In essence the hard drive is running well. I did a clean disk and defrag last night to clear up the mess from installing all these programs. The machine booted up from cold this morning ok. The only thing I have not addressed is why it will not do a warm/softboot. Why the CMOS screen doesn't come up at that time. If CMOS comes up the machine will boot into windows ok. I have not yet flashed the BIOS.

Any ideas?

debitcardmayhem

Just a thought , the CMOS battery could be on it's way out , it may be causing problems , normally though the symptoms are usually date/time being out at cold reboot, but of course it also is used for settings ?

GlynD

debitcardmayhem wrote: »

Just a thought , the CMOS battery could be on it's way out , it may be causing problems , normally though the symptoms are usually date/time being out at cold reboot, but of course it also is used for settings ?

I wouldn't discount it and I'll bear it in mind but this is not an old machine and has had very little use. It does seem that someone, probably an ex-employee, downloaded something which paved the way for rootkit and trojan infestation. The drive was also bricked which complicated issues and initially I thought that Seagate had made an error in flashing it but I quickly discounted that. The drive works and works well, better now that Jeff has assisted me in clearing (I hope) the rootkit. The question still remains: why will it not reboot from warm.

GlynD

I'm going to raise this in the Techie Forum as Jeff has suggested. I think we need more heads on it, although I dread to think the confusion which is going to follow. LOL

aliEnRIK

GlynD wrote: »

I've run combofix and it came up with a clear run and didn't produce a log.

Theres no such thing as a 'clear run' with combofix
And the log should be in c drive

Entirely your call, but that log may point me to problems that nothing else can pick up