XP - Extremely Slow, No Desktop BG options.

[nyteshyft]

Hi, here's the problem:

You cannot choose a background what-so-ever for some reason, just stays as a blue screen. Windows also takes atleast 10-15 minutes to start up properly, and once it does start up and you click say IE, it will take another 5 minutes to load that. This isn't my computer, it's my grandparents, I have a heap of crap at my house but this is relatively new and better and it's slower than mine?? *censored*?

System Idle Manager uses 94% of the processor ALL THE TIME, not just when it is idling, usually it is high when there is nothing going on, and when you start a program it goes down, but for some reason it stays on a consistent 90 to 98.

System restore will not allow you to go back a month.
Here's some somewhat vital information you may need, I'll most likely have to post a thread after this because I'm going to use HijackThis! and post what that says.

INFO:
Acer Aspire T300 MHD11190
Intel Celeron 2.40gHz
248mb RAM (not sure if it's DDR or SD)
Windows XP Home Edition SP2 (All legal, no copies (including programs))
Remote Assistance is ON.
Virtual Memory is on 744 which is maximum.
SVCHOST stays on a consistent 70% CPU usage.
PF Usage whilst idle: 327mb
Physical Memory (K): Total: 253420
                                Available: 81132 & Descending
                                System Cache: 87152 & Jumping
Kernal Memory (K): Total: 54880
                              Paged: 46972 & Jumping
                              Nonpaged: 7908
Processes: 41 to 45 consistently.
Commit Charge: 311348K/5477

I'll post a new thread with the HijackThis! logfile.

[nyteshyft]

Logfile of HijackThis v1.99.1
Scan saved at 15:12:39, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\WiseCam\WCamTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\joseph lelievre\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4476001&ctry=00000809&os=5&src=1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\16.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\16.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\16.bin\MWSBAR.DLL
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\16.bin\MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\joseph lelievre\Local Settings\Temporary Internet Files\Content.IE5\UHXEZ650\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [rsow1.exe] C:\WINDOWS\Temp\rsow1.exe
O4 - HKLM\..\Run: [rsow2.exe] C:\WINDOWS\Temp\rsow2.exe

More to come.. :S

[nyteshyft]

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\16.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\16.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiseCam.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?973c9f92a2e94d2183c9aa9ba5413e3b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?973c9f92a2e94d2183c9aa9ba5413e3b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/Hotbar/programs/Hotbar.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3269D62E-32F5-4BD5-ADF5-F4DF9941C52E}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{9265BFE9-F5A8-4DCC-9963-5008D252498D}: Domain = vic.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SysQbt - Unknown owner - \\?\C:\Program Files\Common Files\Services\com7.exe (file missing)

Done. Yeah. Hope to hear from someone soon, this slowness is frustrating.
Don't know if this helps but this comp has the new IE (the ripoff of Firefox), seems to use up a lot of mb.

[pcdoc4christ]

Svchost is a legitimate Windows process.  BUT -

It can also be a worm or Trojan Horse (which are each a kind of computer virus) disguising itself as the legitimate Windows process.  It is a popular ruse:

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2005-29,GGLG:en&q=svchost%2eexe+site%3asymantec%2ecom

A brief explanation is here:

http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

Rather than trying to figure out what has infected the computer and remove it manually (by editing the registry and deleting the files as indicated in one of the links above), your best treatment might be to reinstall Windows and choose the option to reformat the hard drive.  This will delete all documents and programs, but will likely rid the system of the terminal infection.


You can try to backup documents, pictures, music, etc., but you run the risk of reinfecting the system.  After you reformat and reinstall Windows, make sure you install a good antivirus program, download the updates, and do a full system scan.

[nyteshyft]

Yeah, always sus with SVCHOST, there's two processes of it running at the moment, one by system and one by network. :S

That's all fine, but how does that effect the background options? As in, the desktop is blue constantly, when you right click the desktop > properties, everything is unselectable, no options to change the background what-so-ever, even when you are in explorer (my pictures) or something and you right click > set as desktop bg, that doesn't do anything either except when you start up the computer and shut it down, when windows shuts down explorer or just before it starts up the picture you want as the background is there. Quite odd.

Other than that there seems to be nothing wrong with it, system restore doesn't work either what-so-ever even after you create restore points. No crc checks or anything, which is fine.

Yeah, a clean format sounds like the only resolution at the moment.

As this isn't my computer, what anti virus and firewall programs would you recommend for this? It has to be rather user friendly as it is my grandparents computer.

So far they run AVGFREE, which is pretty good imho, I have the new norton antivirus, and I hate it, it's rather pointless to tell you the truth, I deleted it and stuck on Ewido and AVG.

I cbf playing around with the registry, as I will most likely screw it up and have to reformat anyway. Any other suggestions, such as safe mode options?

That's a good question (just thought of something) how did it get there? SVCHOST that is, not the normal system file, the bad one? All the downloads on here are pretty legit, no P2P crap, only downloads here are: the new IE and anti virus updates.

Below is a screenshot of what I am not able to do to the background. (desktop properties window)

Anyway, thank you for your help so far, if you could answer the questions above it would be greatly appreciated. Thank you.

[JPH]

hi nyteshyft, your grandparents' computer is infected with malware. To be more specific it is infected with the "My Web Search" toolbar. I can tell you how to get rid of it manually but it would be easier for both of us if you just do the following:

Download and install Ad-Aware SE

Download and and install Spybot Search & Destroy

Update both programs (update AVG Anti-Virus too while you're at it)

Turn system restore OFF and then boot into safe mode.

Click Start > Control Panel > Add or Remove Programs and locate "My Web Search" and click Change/Remove to uninstall it.

Run full scans with Ad-Aware, Spybot & AVG one at a time removing anything nasty they find.

Reboot

That should take care of it.

Rename "HiJackThis.exe" to something else (e.g. "HJT2K6.exe") and then run another scan and post the new logfile.

- JPH

[nyteshyft]

Thanks dude, my grandad already saw your post before I did and did what you asked. I downloaded that registry fixing thing, paid for it and what not, seemed to fix it (344 registry errors :S) lol.

The desktop is fixed, etc. Only problem is that the PC runs too slow, but I think that's because it's only got bloody 248mb SDRAM which in todays standards is ridiculously pathetic, but then again, it's not like my grandparents are going to play Need For Speed: Most Wanted or Oblivion, so I suppose it's all good.

Thanks heaps guys.

You know what's funny and even more pathetic... I'm getting my masters degree in IT (haven't started yet, that's next year )and I couldn't figure out *censored* was wrong with this thing, I hate you Mr. Gates, I hate you so much it hurts. That man needs to get these things called "Programmers", not "Script Kiddies".

Thanking CH.com