
high cpu utilization rate


  • This topic is locked
23 replies to this topic

#1 walker39

walker39

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 02 November 2008 - 10:09 AM

cpu performance in task mgr 100 percent after system tray and quick launch bar populated. After looking at processes in task mgr I realized reg.exe was responsible for sluggishness. This laptop is not my main computer and runs win2k pro sp4. I did the unspeakable and terminated the reg.exe process. The computer seems to run as normal after terminating reg.exe. I use zone alarm, avg anti virus, spybot, lavasoft, and firefox 2.0x and no email client. Thank you in advance for some assistance. This is my first try and hope I have the correct procedures.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:05 PM, on 10/26/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\acs.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/asl...nt/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/asl.../AcpControl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

--
End of file - 3239 bytes


Edited by walker39, 02 November 2008 - 06:52 PM.



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 15 November 2008 - 08:30 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Save Uninstall List with HijackThis
  • Double click the HijackThis icon on your desktop.
  • If you see a while screen, click Main Menu at the middle bottom of the window, otherwise move onto the next step.
  • Click Open the Misc Tools section.
  • Under System tools, select Uninstall Manager....
  • Near the bottom right, click Save list... and save uninstall_list.txt onto your desktop.
  • Close out of HijackThis.
  • Post back with uninstall_list.txt.


Post back with:
-the Kaspersky log
-the uninstall list
-a new HijackThis log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 20 November 2008 - 03:45 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 21 November 2008 - 11:55 AM

Reopened.

#5 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 21 November 2008 - 03:58 PM

I will try this again. Since my first post about slowness of my computer, I have become aware in more detail about the laptop problems. Upon booting win2k, the computer shows (task mgr) cpu utilization 100 percent for about 15 to 20 minutes. Process services.exe runs about 7-8 minutes, reg.exe runs about 3 minutes, system idle about 2 minutes and system about 40-50 seconds with about 20 other processes using very minimal times. After this initial 15-20 period the computer performs all applications (msword, firefox, excel, vlc player) at normal speed.


KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 18, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 18, 2008 14:26:06
Records in database: 1391582
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 21037
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:31:39

No malware has been detected. The scan area is clean.
The selected area was scanned.


Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player
Belarc Advisor 7.2
DWL-G650M Super G MIMO Wireless Notebook Adapter
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
Hoyle Puzzle Games 2007
Java™ 6 Update 10
learn2.com Player/Plugin (Uninstall Only)
Lexmark Z600 Series
Logitech MouseWare 9.79.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office 2000 SR-1 Premium
Microsoft Streets and Trips 2005
Moraff's Maximum MahJongg
Mozilla Firefox (2.0.0.18)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Spybot - Search & Destroy
U.S. Robotics 802.11g Wireless Network Adapter
Ultimate Mahjongg
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.6d
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB904706
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB922760
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925486
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931768
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937143
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB939653
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB942615
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB944533
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951698
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958644
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
WinRAR archiver
ZoneAlarm


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:55 PM, on 11/18/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\acs.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/asl...nt/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/asl.../AcpControl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

--
End of file - 4086 bytes

P.S. I installed Java to run Kaspersky scan

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 21 November 2008 - 05:14 PM

Hello walker.

Services.exe, as suggested by its name, manages starting of services. It is essential, so we can't just disable it. However, we can try to disable some of the services it starts.

Reg.exe is a registry editing tool. There is no reason for this to be running at startup, and I can't see why it is either.

Before we try anything, I want to take a more in-depth look at your machine.

Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Drivers setting from "None" to Non-Microsoft.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Thanks,
The Panda
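
Added example, not part of any post in this thread: a Python sketch of one triage check on HijackThis output like the logs above. It parses O4 and O23 lines and lists autostart entries whose file name matches a well-known Windows tool while the full path lies outside the system directories; the name list and the C:\WINNT directories are assumptions for this example, and one sample line is constructed.

```python
import ntpath
import re

# Assumed for this example: tool names people tend to recognise by name alone.
WELL_KNOWN_NAMES = {"reg.exe", "svchost.exe", "services.exe", "lsass.exe",
                    "winlogon.exe", "spoolsv.exe", "explorer.exe"}
# Directories the system binaries run from in the posted process list.
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32"}

# Lines copied from the HijackThis log posted in this thread.
LOG_EXCERPT = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""
# Constructed line (not from the thread): a well-known name in its usual directory.
CONSTRUCTED_LINE = r"O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe"

RUN_KEY = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
EXE_END = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)
SERVICE_PREFIX = "O23 - Service: "


def extract_exe(command):
    """Return the executable part of a command line, quoted or not."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_END.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command.split()[0]


def parse_autostarts(log_text):
    """Return (source, label, executable) for each O4 and O23 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_KEY.match(line) or STARTUP.match(line)
        if match:
            entries.append((match.group(1), match.group(2),
                            extract_exe(match.group(3))))
        elif line.startswith(SERVICE_PREFIX):
            # The binary path is the field after the last " - " separator.
            label, _, path = line[len(SERVICE_PREFIX):].rpartition(" - ")
            entries.append(("Service", label, extract_exe(path)))
    return entries


def name_collisions(entries):
    """Entries with a well-known file name and a full path outside SYSTEM_DIRS."""
    flagged = []
    for source, label, exe in entries:
        folder = ntpath.dirname(exe).lower()
        name = ntpath.basename(exe).lower()
        # Bare names (no folder) are resolved via PATH and are not judged here.
        if name in WELL_KNOWN_NAMES and folder and folder not in SYSTEM_DIRS:
            flagged.append((source, label, exe))
    return flagged


if __name__ == "__main__":
    for item in name_collisions(parse_autostarts(LOG_EXCERPT + CONSTRUCTED_LINE)):
        print(" | ".join(item))
```

A flagged entry only means the full path, vendor and file properties of that program are worth checking before drawing conclusions from its file name.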

#7 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 21 November 2008 - 10:17 PM

I downloaded OTSCANIT and ran scan. Disabled wordwrap in notepad and saved the file. Please find it attached. thanks walker

Attached Files



#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 22 November 2008 - 09:21 AM

Hello walker.

That log looks good.

Let's try disabling some services from startup.

Please uninstall (just for diagnosing) Ad-Aware and Zone Alarm.

Click on your Start Menu>Run>type "services.msc".
Double click "Java Quick Starter". Stop the service. Set the startup type to disabled.

Does this slowness still occur? By the way, do you use a Lexmark printer connected to a network?

With Regards,
The Panda

#9 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 22 November 2008 - 02:09 PM

Hi Panda
I uninstalled ad-aware and zone alarm and system rebooted automatically, still slow.
I went to start menu and ran services.msc, services window came up stopped Java Quick Starter and set startup type to disabled in properties.
I then rebooted and computer is still slow. Same run times for services.exe 7:42 and Reg.exe 2:41.

I use a local printer HP1100 Laser. A few months while traveling I used a Lexmark Z605 (smaller and lighter) but still as a local printer. Both drivers still present I just flip flop default printer to my choice. BTW Lexmark will not work on Toshiba with win vista, I have given up hope on Lexmark tech support.
Lexmark works fine to other computers with win2k. Another problem for another time this just for info. It may be possible the current slowness started installation of Lexmark driver, too far back to remember. Thanks for help in advance!! Walker

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 22 November 2008 - 04:56 PM

Hello walker.

Let's try disabling that Lexmark service. If you experience any problems, we can reenable it.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
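    @ECHO OFF
    REM Stop the Print Spooler and the Lexmark LexBce Server service
    sc stop spooler
    sc stop LexBceS
    REM Set the Print Spooler's dependency list to RPCSS only
    sc config spooler depend= RPCSS
    REM Change the Lexmark service to manual start
    sc config LexBceS start= manual
    pause
    REM Delete this batch file once it has run
    del %0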
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input service.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click service.bat. You will see a command prompt window open. Take note of any messages you receive that are not "success".

Please post a new HijackThis log after.

With Regards,
The Panda

#11 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 22 November 2008 - 06:24 PM

I created service.bat file and saved it on desktop with resulting icon as described. Upon double-clicking service icon a dos cmd window opened with following message. "'sc' is not recognized as an internal or external command, operable program or batch file" this message was repeated four times for each occurrence in the batch file. I did not run the HijackThis program. thanks walker

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 22 November 2008 - 06:28 PM

Hello.

Oh sorry, this is a Windows 2000 machine.

Go to Start>Run>Type "Services.msc" .

Does anything open, or is it "not found"?

With Regards,
The Panda

#13 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 22 November 2008 - 06:53 PM

Regarding services.msc it opens a services window. This is the window I used to stop Java Quick Starter and changed the startup type to disabled. See my 2:09 message today. Thanks walker

Edited by walker39, 22 November 2008 - 07:03 PM.


#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 PM

Posted 22 November 2008 - 07:04 PM

Hello.

Set the startup for LexBce Server to manual.

Restart your computer. Does the slowness still occur? If so, re-enable that service.

With Regards,
The Panda

#15 walker39

walker39
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Location:Coastal North Carolina
  • Local time:05:34 PM

Posted 22 November 2008 - 08:10 PM

I set Lexbce Server start type to manual and then rebooted. Cpu is still slow. (100% utilization) I have restored Lexbce Server to automatic. Thanks walker



