Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Really Slow But No Malware/spyware/viruses Found


  • Please log in to reply
7 replies to this topic

#1 oceania

oceania

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 18 August 2006 - 06:23 PM

In the last week or so my Toshiba Satellite laptop has become very slow, particularly when I shut down…it now takes about 10mins or so. Booting up is fast but once the desktop is loaded it slows down.

I’d like to think I’m somewhat computer savvy. I’ve taken several precautionary measures. I have Mcafee Enterprise Version 8 installed and running, keep the definition files up to date. I have Zone Alarm 6.5.722 and the XP firewall running. I have Ad-aware & Sybot Search and Destroy. I install any new updates for any of these products when they become available, including Win XP updates. My computer “appears” to be clean but something is causing it to be so slow.

I cleaned my temporary files. Defragmented my hard disk….I have 25 GB of free space.

I’m not sure if this is related or not by I also noticed by interconnection gets dropped sometimes and I can’t renew the IP address or DNS entry so I have to reboot.

I have followed the steps listed in the ‘preparation guide to posting’ thread (I already did all that stuff)…here’s m HiJackThis log:

I also noticed that when typing on this board the cursor is jumping around causing me to retype practically every character! ( I typed this in Word)…I’m using Firefox and I’ve encountered this problem once before…something with the board software.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:24 PM, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\SHSTAT.EXE
C:\Program Files\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\mcshield.exe
C:\Program Files\McAfee\vstskmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE
C:\Documents and Settings\Saveena\Desktop\stng260.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Security\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix /autoclose
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\McAfee\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\McAfee\vstskmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks so much for your time & help! :thumbsup:

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 18 August 2006 - 08:54 PM

Your version of Adaware is out of date by at least a year and I think more!

Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS Windows Defender - http://www.microsoft.com/downloads/details...;displaylang=en (XP and W2K only)

DownLoad them (they are free), install them, check each for their
definition updates
and then run AdAware, MS Defender (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Check for updates and run weekly
==================

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· Run the application
· Clickon scanner
· then select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· Un-Select "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Apply all actions
· look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
RE-Boot
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 oceania

oceania
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 20 August 2006 - 12:47 PM

Actually, I had the newest version but I un-installed it because I have to run it manually (it doesn't have the option for auto start) but I run 2 or 3 other spyware detectors....I don't think spyware is the reason why computer laptop is slow

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 20 August 2006 - 04:54 PM

The old version will not work correctly - you need the new version

Where is the Ewido log and a new hijack log???
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 oceania

oceania
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 22 August 2006 - 12:31 AM

Thanks for your patience but this really did very long (almost 2 hours) and I'm ready to throw my laptop against the wall!!!!

I already had Spybot, it found nothing. Downloaded the 3 other you listed and updated the definition file and it also found nothing

Logfile of HijackThis v1.99.1
Scan saved at 1:29:09 AM, on 22/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\SHSTAT.EXE
C:\Program Files\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\mcshield.exe
C:\Program Files\McAfee\vstskmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Security\HijackThis.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix /autoclose
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\McAfee\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\McAfee\vstskmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:21:19 AM 22/08/2006

+ Scan result:



C:\data -> Downloader.IstBar.ja : Cleaned.


::Report end


Thanks so much for your time.

Edited by oceania, 22 August 2006 - 12:32 AM.


#6 oceania

oceania
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 22 August 2006 - 08:09 AM

Now that I think about it, I think this all started when I installed the newest update for Zone Alaram and when I look at the processes running, vsmon is always using the most memory. I also got an error message when I tried to update saying something about TrueVecto needing to be turned off before it can continue...I had no idea what that was until I examined the HiJack log. Maybe uninstalling it and re-installing it might do the trick?

Yesterday it took over 10mins maybe even 15-20mins before it should down. I usually end up powering it off myself when I need to just reboot.

#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 22 August 2006 - 10:08 AM

I wonder if ProtoWall and ZoneAlarm are fighting

You can also throow McAfee into the mess as it is a bloated pig

Disable Proto in msconfig and then see what happens

The log is clean
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 oceania

oceania
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 22 August 2006 - 05:05 PM

Ok it's definitely because of Zone Alarm. I had a hell of a time trying to un-install it. Anytime I did anything (uninstall, change settings, remove from start up) - I would get an error message when I tried to open any other application (Firefox, Word) - it kept saying that I don't have permission and to login as adminstrator. It's something to do with TrueVectonr Monitoring System - not sure what but once I finally got it stop loading up (would still do that even after I removed software via Control Panel) my laptop shut off right away. This probably also might explain why my internet connection would drop all of a sudden (which started around the same time).

So I'm now using a product my netveda as a firewall in conjunction with Win XP Firewall. I'm not sure if there is a better one out there.

I really appreciate all your help...thank you so much.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users