Computer Freezes or Very Slow - Windows Explorer

G

Guest

Hi,

I have Toshiba Laptop - Dual Core with 512MB Ram - 2 Partition - C: 20Gb
with 9Gb Free & D: 60 GB with 25GB Free. XP SP2 with all the latest updates
till date. AVG & Spybot.

My computer freezes every 10-15 minutes on clicking on any startup item or
task bar item. Even Alt-Ctrl-Del comes after 90sec.

Had Page file of 700Mb increased to 1.2GB but no change.

Below is my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:32 PM, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\procexp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object -
{AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager
6\Mm6InternetExplorer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba
Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182174386716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182174191182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\Software\..\Telephony: DomainName = witsinteractive.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6478403B-42FC-4259-9B35-A09898B0AB9E}:
NameServer = 10.100.0.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E626D6B6-2E6D-4451-8F85-34CFE7BB256F}:
NameServer = 10.100.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = witsinteractive.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -
C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. -
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


Please help...
 
L

Leonard Grey

HiJack This logs are not analyzed in this newsgroup. Look here for an
expert web site that analyzes HJT logs:
http://www.google.com/search?hl=en&q=hijack+this+analysis&btnG=Google+Search

---
Leonard Grey
Errare humanum est

Hitesh said:
Hi,

I have Toshiba Laptop - Dual Core with 512MB Ram - 2 Partition - C: 20Gb
with 9Gb Free & D: 60 GB with 25GB Free. XP SP2 with all the latest updates
till date. AVG & Spybot.

My computer freezes every 10-15 minutes on clicking on any startup item or
task bar item. Even Alt-Ctrl-Del comes after 90sec.

Had Page file of 700Mb increased to 1.2GB but no change.

Below is my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:32 PM, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\procexp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object -
{AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager
6\Mm6InternetExplorer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba
Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182174386716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182174191182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\Software\..\Telephony: DomainName = witsinteractive.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6478403B-42FC-4259-9B35-A09898B0AB9E}:
NameServer = 10.100.0.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E626D6B6-2E6D-4451-8F85-34CFE7BB256F}:
NameServer = 10.100.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = witsinteractive.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -
C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. -
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


Please help...
 
G

Guest

Hi,

Thanks .. Will od.. I had read some post where HJT log was posted and hence
posted it.

In any case how do I get across this problem.

Hitesh

Leonard Grey said:
HiJack This logs are not analyzed in this newsgroup. Look here for an
expert web site that analyzes HJT logs:
http://www.google.com/search?hl=en&q=hijack+this+analysis&btnG=Google+Search

---
Leonard Grey
Errare humanum est

Hitesh said:
Hi,

I have Toshiba Laptop - Dual Core with 512MB Ram - 2 Partition - C: 20Gb
with 9Gb Free & D: 60 GB with 25GB Free. XP SP2 with all the latest updates
till date. AVG & Spybot.

My computer freezes every 10-15 minutes on clicking on any startup item or
task bar item. Even Alt-Ctrl-Del comes after 90sec.

Had Page file of 700Mb increased to 1.2GB but no change.

Below is my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:32 PM, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\procexp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object -
{AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager
6\Mm6InternetExplorer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba
Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182174386716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182174191182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\Software\..\Telephony: DomainName = witsinteractive.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6478403B-42FC-4259-9B35-A09898B0AB9E}:
NameServer = 10.100.0.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E626D6B6-2E6D-4451-8F85-34CFE7BB256F}:
NameServer = 10.100.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = witsinteractive.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = witsinteractive.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -
C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. -
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


Please help...
 
C

cquirke (MVP Windows shell/user)

On Fri, 3 Aug 2007 00:20:03 -0700, Hitesh Jain
Thanks .. Will od.. I had read some post where HJT log was posted and hence
posted it. In any case how do I get across this problem.

Maybe I'm "out of line", but I'll have a go at that log...

Partitioning can speed things up - or slow things down.

What is on D:?

If no significant installed code, then disable System Restore on D:
(and while there, shrink C:'s System Restore allocation to 1G).

That will reduce the slow head travel between C: and D:, as will not
installing always-in-use progs or "things" (Temp, pagefile etc.) on D:

OK; nice to see only one resident av, and AVG doesn't cause as much
system slowdown as many - with one exception. By duuuhfault, it will
do a "full system scan" every morning, at the start of your working
day; this scan runs low-priority, so the performance impact is not
massive, but it may take all day to run. As this involves scratching
around in both partitions, you can expect significant impact.

So, go to AVG's Test Center or Control Panel (beats my why these av
always duplicate the UI) and disable the scheduled scan.

Hmm... OK.

700M is enough. Is it on C:?

I don't stare at HJT logs all day, so the other guy's advice to post
the log to sites that have such ppl is a good one. By the time I get
to HJT, other scanning processes have left not much to see.

I'll snip what is OK, to de-bulk the post...

Harmless, but an oxygen thief that can pollute Windows subtree with
large numbers of FFFF... files. The files are zero-length, but the
extra entries will slow down directory access, especially on FATxx

Kill this service in Computer, Manage, Services, and also disable
debugging in IE's Tools, Options, Advanced. You may have to do both,
if you have MS Office and/or software dev tools on the PC.

I usually disable that.

Make sure Outlook's journalling is switched off - it was on by default
in MS Office 2000, and that setting may be inherited if you upgraded
your way to "MS Office 11".

http://www.file.net/process/procexp.exe.html

"5% dangerous" - OK if you know about it, IOW.

If you have a permanent IP address, Skype may use you as a
"supernode". Suspect this if your Internet traffic goes up in both
directions. The Skype service runs on a peer basis (no such thing as
a "Skype Server") so this is the cost of the "free lunch".

http://www.file.net/process/mm6internetexplorer.dll.html

Looks crappy, unless you know what it is. I'd disable all BHOs via
IE's Tools, Options, Advanced, "[_] Enable 3rd-party..." or, if you
found a BHO that doesn't suck, kill 'em selectively via IE's Tools,
Options, Programs, Add-Ins.
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe

I'd disable that, and use Spyware Blaster's passive protection instead
(one less underfootware process)

Hope I did. Nothing in the HJT looks ghastly, but then again, HJT
only shows you the bulk of explicitly-integrated sware. It can tell
you nothing about implicitly-integrated sware (intra-file code
infectors, internal surface exploiters, file replacers) and misses
several integration points (file associations, codecs, "drivers",
screen savers, Safe Cmd Only alternate shell, etc.)

How big are your browser caches? Keep 'em 50M or less, and check in
each user account as it's a per-account setting.

Multiple user accounts and fast user switching? That's a great way to
bloat your memory footprint and increase disk paging. I suspect this
is a factor when folks say "you need 1G RAM for XP" blah blah.


The pattern of slowdown you describe suggests possible shell
integration issues, or "namespace bloat".

Make sure you eject all removable drives and try to avoid network
drive letter mappings that may bloat the namespace refresh time.

Then carefully use Nirsoft's Shell Extensions Viewer...

http://www.nirsoft.net/utils/shexview.html

....to reversibly disable non-MS shell integrations that would be
active when Explorer refreshes namespace and/or folder views.


--------------- ----- ---- --- -- - - -
To one who only has a hammer,
everything looks like a nail
 
G

Guest

Hi,

Thanks for the detailed analysis...

System Restore is off fior both drives..

I have OS and Programs installed on C: and data on D:.

Pagefile on C:

Deafult system scan by AVG is disabled.. Only Resident AVG is enable.. Also
Spybot Teatimer is enabled for Spyware.. Both have latest updates.

MDM disabled.

Outlook journaling is already disabled.

Mind Manager is an application that I use.. But will disable BHO

So basically I am at what you are saying with only diff being that 1GB RAM..

Still my machine is dead slow..

Also I check the event log and found the following:

DnsApi - Error
The system failed to register host (A) resource records (RRs) for network
adapter
with settings:


Hitesh
..

cquirke (MVP Windows shell/user) said:
On Fri, 3 Aug 2007 00:20:03 -0700, Hitesh Jain
Thanks .. Will od.. I had read some post where HJT log was posted and hence
posted it. In any case how do I get across this problem.

Maybe I'm "out of line", but I'll have a go at that log...

Partitioning can speed things up - or slow things down.

What is on D:?

If no significant installed code, then disable System Restore on D:
(and while there, shrink C:'s System Restore allocation to 1G).

That will reduce the slow head travel between C: and D:, as will not
installing always-in-use progs or "things" (Temp, pagefile etc.) on D:

OK; nice to see only one resident av, and AVG doesn't cause as much
system slowdown as many - with one exception. By duuuhfault, it will
do a "full system scan" every morning, at the start of your working
day; this scan runs low-priority, so the performance impact is not
massive, but it may take all day to run. As this involves scratching
around in both partitions, you can expect significant impact.

So, go to AVG's Test Center or Control Panel (beats my why these av
always duplicate the UI) and disable the scheduled scan.

Hmm... OK.

700M is enough. Is it on C:?

I don't stare at HJT logs all day, so the other guy's advice to post
the log to sites that have such ppl is a good one. By the time I get
to HJT, other scanning processes have left not much to see.

I'll snip what is OK, to de-bulk the post...

Harmless, but an oxygen thief that can pollute Windows subtree with
large numbers of FFFF... files. The files are zero-length, but the
extra entries will slow down directory access, especially on FATxx

Kill this service in Computer, Manage, Services, and also disable
debugging in IE's Tools, Options, Advanced. You may have to do both,
if you have MS Office and/or software dev tools on the PC.

I usually disable that.

Make sure Outlook's journalling is switched off - it was on by default
in MS Office 2000, and that setting may be inherited if you upgraded
your way to "MS Office 11".

http://www.file.net/process/procexp.exe.html

"5% dangerous" - OK if you know about it, IOW.

If you have a permanent IP address, Skype may use you as a
"supernode". Suspect this if your Internet traffic goes up in both
directions. The Skype service runs on a peer basis (no such thing as
a "Skype Server") so this is the cost of the "free lunch".

http://www.file.net/process/mm6internetexplorer.dll.html

Looks crappy, unless you know what it is. I'd disable all BHOs via
IE's Tools, Options, Advanced, "[_] Enable 3rd-party..." or, if you
found a BHO that doesn't suck, kill 'em selectively via IE's Tools,
Options, Programs, Add-Ins.
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe

I'd disable that, and use Spyware Blaster's passive protection instead
(one less underfootware process)

Hope I did. Nothing in the HJT looks ghastly, but then again, HJT
only shows you the bulk of explicitly-integrated sware. It can tell
you nothing about implicitly-integrated sware (intra-file code
infectors, internal surface exploiters, file replacers) and misses
several integration points (file associations, codecs, "drivers",
screen savers, Safe Cmd Only alternate shell, etc.)

How big are your browser caches? Keep 'em 50M or less, and check in
each user account as it's a per-account setting.

Multiple user accounts and fast user switching? That's a great way to
bloat your memory footprint and increase disk paging. I suspect this
is a factor when folks say "you need 1G RAM for XP" blah blah.


The pattern of slowdown you describe suggests possible shell
integration issues, or "namespace bloat".

Make sure you eject all removable drives and try to avoid network
drive letter mappings that may bloat the namespace refresh time.

Then carefully use Nirsoft's Shell Extensions Viewer...

http://www.nirsoft.net/utils/shexview.html

....to reversibly disable non-MS shell integrations that would be
active when Explorer refreshes namespace and/or folder views.


--------------- ----- ---- --- -- - - -
To one who only has a hammer,
everything looks like a nail
--------------- ----- ---- --- -- - - -
 
C

cquirke (MVP Windows shell/user)

On Mon, 6 Aug 2007 01:16:01 -0700, Hitesh Jain
System Restore is off fior both drives..

I'd keep if on for just the OS drive, but scale down the allocation,
as SR is the only automatic full registry backup XP has. Else I'd add
ERUNT and automate that as a set of weekday Tasks, each saving to a
different location to maintain a 5-day FIFO.
I have OS and Programs installed on C: and data on D:.
Pagefile on C:

Cool... how big is the pagefile? How large and full is C:?
Deafult system scan by AVG is disabled.. Only Resident AVG is enable.. Also
Spybot Teatimer is enabled for Spyware.. Both have latest updates.

OK; I'd disable TeaTimer, I guess.
MDM disabled.
Guuud...

Outlook journaling is already disabled.

Good, too
Mind Manager is an application that I use.. But will disable BHO
So basically I am at what you are saying with only diff being that 1GB RAM..
Still my machine is dead slow..
Also I check the event log and found the following:
DnsApi - Error
The system failed to register host (A) resource records (RRs) for network
adapter with settings:

Dunno what that means?

OK on that pagefile Q, then.

Also, general profound and "lumpy" slowdown can happen if your HD's
IDE controller is in PIO mode (it's "lumpy" because the
processor-hogging effect interrupts media playback etc.).

To check UDMA status, do this:
- Control Panel, System icon, Hardware tab, Device Manager
- IDE (ATAPI) controllers; each Primary and Secondary
- Advanced tab; "current" should be UDMA if device present
- if the drop-down shows only PIO, read on...

This situation arises as a safety fallback after "too many" errors in
UDMA mode. Whereas UDMA releases the CPU during transfers, PIO
requires intensive involvement.

So the first thing to do would be to use HD Tune's SMART page to
check out the UDMA and other (more significant) error rates.

Then, if those are OK, carefully apply the registry fix, which resets
the error counters so that you can re-engage UDMA.

Google( XP PIO mode regedit )

http://support.microsoft.com/kb/817472

I would skip the "hotfix", as well as the "workaround", and use the
registry fix at the end of that article. Read the details carefully,
as it is easy to chop the wrong stuff (such as the parent devices; no
need to touch those, bad things can happen if you do).

If the fix does not appear to "take", look again after shutting down
and restarting Windows. It's "one of those".

--------------- ----- ---- --- -- - - -
Never turn your back on an installer program
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top