Computer Dragging...

[LA22]

and im 95% certain its not spyware, malware, adware, or virus (still leave 5% lol)

Its a Toshiba Laptop running Windows Vista.

I ran a windows defender scan which turned up nothing, and here is my High Jack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:37 PM, on 7/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/...jolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8829 bytes


I also ran a command called sfc/ scannow which gave me the message "Windows resource protection has found corrupt files but was unable to fix some of them"

Can anyone help me fix my "lagging" computer? It has just been dragging along for the past 3 weeks now.

Thanks

[LA22]

Well I ran memtest86+ and it came back with no issue's. I want to do a Vista "repair install" but after reading around the net for a little bit, apperently, you can only do an "upgrade install"

Still when I boot from disc, it does not give me a upgrade install option.

Remember I have a Toshiba laptop and the "backup/recovery/repair disc" actually came on two seperate disc's.

I am also going to run a surface scan and see if any errors appear there.

[LA22]

Can I get a lttle help? :S

[LA22]

update:

I ran the surface scan with no errors.

Now I am trying to do a Vista repair install by following this guide: Computer Dragging...

The only problem is when I insert disc 1 of 2 it does not auto play to that screen. THen when I open the disc up there is no "setup" files as the guide speaks of.

WHen I boot from the disc, the only repair option it gives me is a "startup repair" which hasnt detected any problems. The other options it gives me are restore point options along with a memory test.

Remember, its a Toshiba laptop, with 2 toshiba recovery discs.

Thanks you

[shadowpr]

Can you run hard drive diagnostics on it to see if it's a failing drive?

[LA22]

Quote:

Originally Posted by shadowpr Can you run hard drive diagnostics on it to see if it's a failing drive?

Sure, how would I go about doing that?

I ran SpinRite http://en.wikipedia.org/wiki/SpinRite but like I said it didnt report any errors

[flanzig1]

In your OP you said the computer is "dragging". Pretty vague. I'm going to gues you mean slow boot and/or it runs things slow. If this is the case, how much ram does the laptop have? Vista should have around 2gigs, 1gig is usable. Also check in Task Manager to see how many processes are running. Check MSCONFIG to see how many programs are in Startup. If you answer yes to any of these things, your laptop will be "dragging"

[LA22]

Quote:

Originally Posted by flanzig1 In your OP you said the computer is "dragging". Pretty vague. I'm going to gues you mean slow boot and/or it runs things slow. If this is the case, how much ram does the laptop have? Vista should have around 2gigs, 1gig is usable. Also check in Task Manager to see how many processes are running. Check MSCONFIG to see how many programs are in Startup. If you answer yes to any of these things, your laptop will be "dragging"

I have checked all these things.

I have around 60 to 65 processes running (most of the stuff is Toshiba stuff).

I have allready "tweaked" my msconfig startup list to run stuff I only want running on startup.

The Laptop has 4gigs of ram.

By dragging I mean when I open IE or some other application even after the webpage or program loads it takes a few seconds before my mouse will respond.

WHen opening application it will take longer than usually for them to actually open.

In terms of the internet, websites still load at normal speed.

It just seems like, the response time of my computer is very slow.

[shadowpr]

Quote:

Originally Posted by LA22 Sure, how would I go about doing that? I ran SpinRite http://en.wikipedia.org/wiki/SpinRite but like I said it didnt report any errors

If it's not under warrenty anymore, just open up the case and find out what hard drive manufacturer made your hard drive.

Then go to their site. If it's a toshiba hard drive, I believe Hitachi drive fitness may work.

[LA22]

Quote:

Originally Posted by shadowpr If it's not under warrenty anymore, just open up the case and find out what hard drive manufacturer made your hard drive. Then go to their site. If it's a toshiba hard drive, I believe Hitachi drive fitness may work.

Its still under warrenty (the computer is only 6 months old)

[shadowpr]

If the warrenty won't be voided by looking at the hard drive, I would do what I mentioned above.

If not, you may want to bring it to where you bought it/have warrenty with and see what they say.

EDIT: How much free space is there on that hard drive?

[MikeMoss]

Hi

If you haven't done so you could try running CCleaner and see how much junk you can get rid or.
It will also look at your registry.

http://www.ccleaner.com/

Having fewer startup items can really make a difference as well, much of the stuff that windows starts is not necessary. Check out this site...

http://www.blackviper.com/

I'm running Windows 7 and XP, I have only 5 things that load at startup in Windows 7 and 9 in Windows XP, and I have a ton of software installed. The things that load all have to do with essential services like video, and sound drivers, Adobe gamma, etc.

You may want to think about upgrading to Windows 7 when it becomes available in the fall, my computer runs fantastic with it, and the whole install only takes about 20 minutes.
In Windows 7 my computer boots in less then a minute, much, much faster then in XP.

These fixes all deal with configuration and assume that you do not have a hardware problem of some sort, but it seems like you have checked pretty much everything else.

I Hope this is some help.

Mike

[MikeMoss]

Ps.

If you do use CCleaner, go to the Options tab and select Cookies then select the cookies that you do not want to have deleted before you run cleaner.

Once you have selected the cookies that you want to keep, forum logins, banks, etc, it will always save this cookies and remove any others that you have picked up.

If you don't do this first you will end up having to log into everything again.

[LA22]

Thanks, I ran CCCleaner, but no signs on improvement.

I understand about the process's, and even though I have 50 or 60, just last month the computer was running fine with that many.

I will still try and cut some of them down though.

As for my hard drive, I have 37 gigs free and the hard drive is 250gigs total.

[kilgoretrout]

I would also recommend that you download malwarebytes, update to the most recent malware definitions and do a full scan with the system in safe mode:

http://www.malwarebytes.org/

Just to further rule out any malware problems.

With a 250 gig hd and only 37 gig left, you might wanna try defragging the hd.

[LA22]

I will download the malwarebytes program and run it just to be on the safe side. My HJT log didnt show anything, thats why I said 95% sure, but thats still a big 5% lol. Will let you guys know if I find anything.

I will run disk defrag to and report if the computer is running better or not.

Thanks

[LA22]

UPDATE:

Ran the defrag but havent had any better performance.

Here is my malwarebytes log, maybe this is a clus as to why its running slow:

Malwarebytes' Anti-Malware 1.39
Database version: 2516
Windows 6.0.6001 Service Pack 1

7/28/2009 12:55:13 AM
mbam-log-2009-07-28 (00-55-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271312
Time elapsed: 1 hour(s), 18 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\AlfaHD\Uninstall.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\tah161\Desktop\downloads\vso_2008-paradox\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.


thanks

[kilgoretrout]

That rootkit is pretty nasty; check out the posts on the malwarebytes forum:

http://www.malwarebytes.org/forums/i...howtopic=19447

You may not be entirely rid of this beast. Whenever I see a rootkit, I tend to nuke and pave after backing up user data to an external media. And I rescan the user data on the external media from a clean box before putting it back on the user's computer.