Computer Got SLOOOW - Don't Know Where to Start

CapeCoaler · Post by **CapeCoaler** » Thu. Jun. 11, 2009 11:32 pm

Only if it passes thru that device to another...
A choke point on that path...
A 10MB router in front of a 100 MB switch will only flow at 10 MB.
A wireless network using an AirPort Extreme will not flow at N speeds if there is a g or b device on the wireless network.

SMITTY · Post by **SMITTY** » Sun. Jun. 14, 2009 9:45 am

BillMarti wrote:Smitty,
Just curious can u update anything now?

Bill S.

Nope -- just went to Microsoft's site, tried to download "June Updates' & now it takes me to a fake Google page ( has a cheesy looking Google emblem up top) & says "downloads not available on this server"

I'm going to set fire to this CPU!!!

EDIT: now this connection is screwed -- sloooooooow as molasses again.

009to090 · Post by **009to090** » Sun. Jun. 14, 2009 9:50 am

SMITTY wrote:Nope -- just went to Microsoft's site, tried to download "June Updates' & now it takes me to a fake Google page ( has a cheesy looking Google emblem up top) & says "downloads not available on this server"
EDIT: now this connection is screwed -- sloooooooow as molasses again.

Oh crud.... sounds like a virus to me.

CapeCoaler · Post by **CapeCoaler** » Sun. Jun. 14, 2009 6:38 pm

Download combofix to usb from a working non-infected computer and run it from the infected computer per instructions.
Only get it from here. There are fake sites, this link takes you to the correct site.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

SMITTY · Post by **SMITTY** » Thu. Jun. 18, 2009 10:26 am

I think I've reached the end of my rope with this........

I went to Bleepingcomputer.com & everything that was suggested either didn't work or wouldn't run properly (something is blocking certain websites). I did run Combofix, but not sure what it did.

I tried paying someone to fix this pile & they couldn't do anything but suggest things that AREN'T THE PROBLEM! Isn't it great WASTING MONEY?

Thanks to everyone for your help. I'm done. Going to get some rope, gasoline, & my ATV..... then I'm gonna fix this thing the old-fashioned way!

djackman · Post by **djackman** » Thu. Jun. 18, 2009 4:02 pm

Take drive out, slave onto another system that's running good antivirus (AVG, Avast, Kapersky, Eset, etc) with current updates and scan the drive

Or bite the bullet, backup & reformat.

If you have HiJackThis post a log up.

SMITTY · Post by **SMITTY** » Thu. Jun. 18, 2009 5:17 pm

Code: Select all

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:15 PM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\mb\mbam.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.verisign.com/rpa
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited", "http://www.vaio.net/sonyvaio420.html");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
user_pref("browser.tabs.forceHide", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("mail.smtpservers", "");
user_pref("mail.ui.folderpane.version", 2);
user_pref("mailnews.global_html_domains.version", 2);
user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");
user_pref("mailnews.ui.threadpane.version", 2);
user_pref("prefs.converted-to-utf8", true);
user_pref("timebomb.first_launch_time", "1082935472125000");
user_pref("browser.helperApps.neverAsk.openFile", "applic
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DT LGE] "C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SsAAD.exe] D:\SONICS~1\SsAAD.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - 
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE4BD774-D051-4286-8D95-2BDBA4059D4C}: NameServer = 85.255.115.59 85.255.112.120
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcq_device -   - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

--
End of file - 7942 bytes

009to090 · Post by **009to090** » Thu. Jun. 18, 2009 5:40 pm

Edit... I read it wrong..
This link might help...

http://www.bleepingcomputer.com/forums/index.php? ... pic=231197

This link is for a slow PC also...
http://www.bleepingcomputer.com/forums/index.php? ... pic=234868

djackman · Post by **djackman** » Thu. Jun. 18, 2009 8:50 pm

SMITTY wrote: O17 - HKLM\System\CCS\Services\Tcpip\..\{EE4BD774-D051-4286-8D95-2BDBA4059D4C}: NameServer = 85.255.115.59 85.255.112.120

Can you check these are the correct DNS servers for your ISP? Haven't seen a DNS redirect virus/adware for a long time but might explain why you're getting redirected. HiJack doesn't show any LSP's which are usually the culprit for that.

SMITTY wrote: O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include ... Config.CAB

This is a really, really long shot but mabye your TCP max packet size is screwed up on the nic? Did you run any kind of TCP "optimizer"?

Also, here's a page on the netsh commands which are used to reset tcp/ip and winsock. I think you tried them before and they failed, which I've never seen.

http://commandwindows.com/netsh.htm

djackman · Post by **djackman** » Thu. Jun. 18, 2009 11:23 pm

Did a little more looking around - pretty sure those are rogue DNS servers.

http://isc.sans.org/diary.html?storyid=5434

http://www.arbornetworks.com/asert/2008/11/rogue- ... -the-move/

http://www.avertlabs.com/research/blog/index.php/ ... -problems/

CapeCoaler · Post by **CapeCoaler** » Thu. Jun. 18, 2009 11:33 pm

http://www.bleepingcomputer.com/forums/lofiversio ... 79579.html

You got hijacked. Smitfraudfix is good.

http://forums.pcpitstop.com/index.php?/topic/1670 ... oval-help/

Here is the google search on those IP #'s

http://www.google.com/search?q=85.255.112.120&rls ... 1I7GGLG_en

This is fixable if the person knows what they are doing.

europachris · Post by **europachris** » Sun. Sep. 27, 2009 10:01 am

Just my $.02 worth of recent experience: I'm running an almost 5 year old Dell Dimension 8400 P4 3.4GHz, 1G RAM with XP Media Center. It was getting slow, but running OK until I tried to "upgrade" to IE 8. Big mistake. After installing PC Fix-It, I got it to boot and was able to recover from my USB hard drive backup. However, since that recovery, the computer became even more troublesome with random boot lockups, blue screens, etc. Finally I had to blow away the entire computer back to the "Dell square 1" beginning and start over with another recovery from backup - which STILL gave me problems. I thought it might be the hard drive or motherboard going, so I started shopping for a new box. But, since I'm blowing a huge wad on an outdoor spa install (which requires an all new deck and I'm using $$ TimberTech composite), I didn't want to have to buy a new computer, too. I thought I'd go do another "Dell square 1" and bring the computer back to "new" and this time install all the software from scratch and only pull my data out of the backup.

So, 3 days later and about 300 Microsoft updates installed, I'm up and running with everything except my copy of Autocad 2000 which I don't have the CD for anymore - still working on getting it from my buddy. I took a lot of time uninstalling EVERYTHING that I didn't need that pre-loads from Dell on a new PC and cleaning up all the settings prior to the subsequent upgrades and software installs.

I must say that this thing FLIES now! WOW!!!!

In addition, I've run full HDD diagnostics and tests and the drive passed with no issues, so my problems must have been just a bunch of conflicting drivers, dates, software, registry entries, etc. and possibly even some malware even though I have Ad-Aware, Spybot S&D, AVG, ZoneAlarm, and SmitfraudFIX installed. And since there is nothing on a new PC that I need I have no reason to upgrade for now - this one has the Firewire port to download from my DV camcorder and a DVD burner, so I'm good.

I guess even with good PC maintenance and all the "tools" that promise to optimize and speed up your PC, you still have to really tear it down and "clean out all the flyash" to get things running like new again. I am amazed at the difference!

chris

SMITTY · Post by **SMITTY** » Sun. Sep. 27, 2009 10:11 am

Good deal!

I wish I had your patience....

RMA · Post by **RMA** » Sun. Sep. 27, 2009 3:51 pm

I have noticed similar slowdowns on one of my computers...
One thing that slowed it down was TOO MANY PROGRAMS RUNNING and
it was SCANNING and ANTI-VIRUS software updating itself & blah, blah, blah...
Disconnecting and reconnecting your internet connection will sometimes get you a "hotter" server...

Then, as Richard said you do have update your windows system...

Bob