TechSpot

Computer's running slow.

By roco11208
Sep 10, 2007
  1. I've attached the HJT, Combofix and AVG Antispyware logs.

    Oh, and the AVG Antirootkit scan came out clean.

    Please help me out and see if there's anything wrong.
    Thanks. :D

    -Rob
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Viewpoint

    Close control panel.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of roco11208 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm leaving the Hijack log up to Howard. But you should also know the following:

    1. Only necessary programs or processes should be on the Startup menu- basically that's usually only the AV program, possibly firewall, touch-pad if laptop and Network services if you're on network. Anything else will slow you down because if it starts up, it runs in the background.

    2. System needs to be well maintained> disc cleanup, defrag, scanning with AV program and 2 or more spyware/adware programs, updating each right before scan.

    If malware is found on your log and you are helped cleaning it out, the above will help prevent it in the future along with safe surfing habits.
     
  4. roco11208

    roco11208 TS Rookie Topic Starter

    Thanks guys.

    Attached are both the Avenger and HJT logs.

    Also, what would be the best way to cleanup which programs run at startup? And which programs should be left to run at startup?
    Thanks again. :D

    -Rob
     
  5. BlameCanada

    BlameCanada TS Rookie Posts: 320

    Just leave the Firewall and Anti virus and maybe AVG antispyware (I personally wouldn't, but you might need it :) ) to start with Windows. All the rest can be started manually if and when needed.

    You can also stop the Nero Indexing service, and about 10 others.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

    Click on the fix checked button.

    Close HJT and reboot your system.

    Please post a fresh Combofix log.

    Go and read this thread HERE, it will show you how you can speed up your system.

    Regards Howard :)

    This thread is for the use of roco11208 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
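Added example (not part of the thread and not HijackThis's own code): a small Python parser for the O2 and O4 line formats quoted in the post above, showing what each field means. The review notes are this example's own heuristics, and the `ExampleAV` line is a constructed entry added for contrast.

```python
import re

# Constructed sample: the first three lines are the entries quoted in the post
# above; the last line is a made-up ordinary autorun added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
"""

# Well-known Windows service-account SIDs.
SERVICE_SIDS = {"S-1-5-18": "LOCAL SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                "S-1-5-20": "NETWORK SERVICE"}

# O2: Browser Helper Object = display name, CLSID, then the DLL path or "(no file)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4: autorun = hive, optional user SID, Run/RunOnce key, [value name], command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")

def parse_line(line):
    """Parse one O2 (BHO) or O4 (autorun) line into a dict; None otherwise."""
    for section, rx in (("O2", BHO_RE), ("O4", RUN_RE)):
        m = rx.match(line.strip())
        if m:
            return {"section": section, **m.groupdict()}
    return None

def triage(log_text):
    """Pair each parsed entry with review notes (hints for a human, not verdicts)."""
    out = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        notes = []
        if entry.get("path") == "(no file)":
            notes.append("orphaned BHO: HijackThis found no file behind this CLSID")
        if entry.get("sid") in SERVICE_SIDS:
            notes.append("autorun in the " + SERVICE_SIDS[entry["sid"]] + " hive")
        if entry.get("key") == "RunOnce":
            notes.append("RunOnce value: normally deleted after it runs once")
        out.append((entry, notes))
    return out

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG):
        print(entry["section"], entry["name"], "->", notes or ["no note"])
```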
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When you finish cleaning up, here's how to stop programs from starting at boot and running in the background: Included are databases to ID the entries.

    Start> Run> msconfig> Selective Start-up> Startup tab.
    For any programs you don't recognize, refer to any of the sites below for ID. If you don't need them to start up and run in the background, click to remove the check.

    NOTE: if you can't see enough to ID the program name, put your cursor over the dividing line at the top of the column and move it to the right.

    NOTE: you will need to stay in Selective Start-up after making changes. If you do not, it will revert back to Normal and include the programs you stopped.

    NOTE: if you find you do need something you stopped, the program will still be there and you can go back in and recheck it.

    When finished making all changes> Apply> OK
    NOTE: you will get a nag message about being in Selective Start-up> click to check 'don't show me this message any more' and close on "X".

    STARTUP APPLICATION DATABASE LIST
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    http://www.sysinfo.org/startuplist.php
    http://startup.iamnotageek.com/
    http://www.pcpitstop.com/spycheck/SWDetail.asp?fn=gah95on6.exe
     
  8. roco11208

    roco11208 TS Rookie Topic Starter

    Here's the combofix log.
    I also attached a "ComboFix-quarantined-files" .txt file that it made. I wasn't sure if it would be important or not.

    Thanks again guys. :D

    -Rob
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

    Regards Howard :)

    This thread is for the use of roco11208 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. roco11208

    roco11208 TS Rookie Topic Starter

    Here are the logs.
    Thanks.

    -Rob

    Sorry, I uploaded the wrong avenger log.
    Here's the right one.

    Something I've noticed that has been happening lately is that the system sounds will stop working. Any video or audio files (avi., mp3., wma., etc.) still work but the normal computer sounds won't play.

    And shortly after that happens the computer will sometimes just freeze on me. What could be the problem?
    Thanks for all the help. :D

    -Rob
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Everything looks fine there.

    However, I notice you have a collection of drivers in your documents folder.

    C:\DOCUME~1\Robert\mqdmmdfl.sys
    C:\DOCUME~1\Robert\mqdmmdm.sys
    C:\DOCUME~1\Robert\mqdmserd.sys
    C:\DOCUME~1\Robert\mqdmbus.sys
    C:\DOCUME~1\Robert\mqdmcmnt.sys
    C:\DOCUME~1\Robert\mqdmwhnt.sys
    C:\DOCUME~1\Robert\mqdmcr.sys
    C:\DOCUME~1\Robert\usbsermptxp.sys
    C:\DOCUME~1\Robert\usbsermpt.sys

    Is there some reason why the above files are where they are?

    I`m not sure what the problem with your Windows sounds is, maybe doing a Windows repair as per this thread HERE would help.

    Regards Howard :)

    This thread is for the use of roco11208 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
