Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Default Erratic PC activity..

    Hello,

    Am rather new to this forum, and am in need of some help/advice or anything anyone can do..
    The problem I have is a recurring one, and I've just had a bout of it. What happens, is that every about 6 weeks or so, whenever I boot up the PC, if I try and put any information into a box, if i do a search, or log into anything or anywhere, what it will do is then try to overflow the PC as such and then either clear itself up OR go into hibernate mode and then won't do anything and I will have to reboot again, and then it all starts again. Thing is, it only tends to last for about two to three days, and then I have about 4-6 weeks of the PC acting normally and then it happens again, same thing over and over. I know when this tends to happen because on my Logitech keyboard, I have a little screen thing with three lights, the numlock, capslock, and F-mode lights. When this happens, the F-mode light stays lit even when the PC is turned off. When its not, this goes out when I turn off. Something else I've noticed also is that after every single time this has happened, my PC starts working faster than it was before for a while.. it shuts down faster than it did before, that kind of thing.

    I've been down the Spyware/malware route already with this, spoke to a nice peep called NeonFx and after some scans I was assured that it's clean. (I believe the post's still up on the Spyware Forum.. )

    My system is running on MS Windows XP Service Pack 3, and is up to date. The processor's an AMD Phenom 9650 Quadcore, with 3.00 GB RAM. I have recently changed my antivirus from McAfee's Total Security to Avast! as well if that is helpful to anyone..

    Any help at all would be more than welcome as I don't want this to happen again, tbh.. it keeps happening when I am on holiday..!! Many thanks in advance, Lindsey

  2. #2
    Member abseh1's Avatar
    Join Date
    Jul 2008
    Location
    Tampa Bay
    Posts
    2,319
    Points
    388
    Blog Entries
    2

    Default

    Do you connect the key board with a USB plug?....if so try a different USB port for the key board
    SIGNATURE...When I post info I assume you have already read this link
    How to Start Removing Viruses and Spyware from your Computer

  3. #3
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4

    Default

    There are a few reasons why this could be happening - some simple and some very difficult to pinpoint. As you have a time element attached to the problem, it'll hopefully turn out to be simple.

    First thing to do is check any scheduled tasks. Click on Start, All Programs, Accessories, System Tools, Scheduled Tasks. Make a note of anything you see, then delete everything apart from the Add New Task icon.

    Let us know what was in the folder, if anything, and also post a new HijackThis log.

  4. #4
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Default

    I've checked my tasks, and I had one thing in it. It was this: Apple SoftwareUpdate, scheduled to run at 0805 every Saturday morning, next was scheduled to run 0805 3 April and the last ran at 0805 on 6th March.

    As requested, a current HJT log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:21:38, on 28/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1260787526070
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1260979902953
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 8064 bytes


    Yes, both my keyboard and mouse are USB ones. Should I change ports?

  5. #5
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4

    Default

    I've checked my tasks, and I had one thing in it. It was this: Apple SoftwareUpdate, scheduled to run at 0805 every Saturday morning, next was scheduled to run 0805 3 April and the last ran at 0805 on 6th March.
    OK, that wasn't necessary to run, so hopefully you deleted it.

    Your log shows quite a few unnecessary processes and services that aren't necessary. Give me some time to check through the log. Meantime, do the following...

    Click on Start, Run, copy and paste the following, and click OK.

    regsvr32 /u "%COMMONPROGRAMFILES%\Ahead\Lib\MediaLibraryNSE.dll"

    Then restart your computer.

    Also go to Add or Remove Programs and uninstall Registry Mechanic. Registry cleaners cause more problems that they cure, and are not recommended by this forum. Unfortunately, they are often recommended as a quick cure for problems, which simply isn't the case.

    Give me 24 hours.
    Last edited by arraknid; 03-28-2010 at 03:17 PM.

  6. #6
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Default

    Yes, I did delete the Apple task. But I was unable to run the regsvr thing: I got an error message which was this: LoadLibrary("C:\ProgramFiles\Common Files\Ahead\Lib\MediaLibraryNSE.dll")failed - the specified module could not be found.

    Have uninstalled Registry Mechanic though.

  7. #7
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4

    Default

    Quote Originally Posted by karimoo
    But I was unable to run the regsvr thing
    Not to worry, we'll deal with that another way.

    Run another HiJackThis scan, place a check mark against the following entries and click on Fix Checked.

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (if still present)
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    You have 2 other entries, for MalwareBytes and Superantispyware. Are these the paid for versions? If yes, both are acting as real-time scanners, in addition to the free TeaTimer, so you need to disable two of them. You can't have 3 realtime scanners running at the same time, only 1. Also check the settings of both applications to see if there are any scheduled scans present. However, if they are both free versions, place a check mark against these 2 entries and click Fix Checked.

    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray


    You also have Windows SearchIndex.exe running in the background which will slow down your system a lot by using resources unnecessarily. To turn it off, do the following...

    • Click on Start, then My Computer.
    • Right click on the C: drive and select Properties.
    • Click on General tab if itís not already selected.
    • Untick the check box for Allow Indexing Service to index this disk for fast file searching option.
    • Click OK, accept default setting, and wait for the index removal process to complete, which may take a few minutes. If you get any error messages, click on Ignore all, and OK.
    • Repeat the steps for other hard drives, if present.


    To explain what we've done, all of the above will remove unnecessary processes that may be causing the problems you've been experiencing. As you only see things go slow every few weeks, the changes may not be apparent immediately, but should speed things up anyway.

    You can also clear your cache (History and Temp files) regularly in your browser as well as running the Clean option of Ccleaner at least once a week. Please don't use the Registry clean option.

    Let us know how it goes.

  8. #8
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Default

    Ok, I've just done all of that in HJT and cleaned it... The PC shut down slower than usual but it is fine so far..

    I do have a question.. you said I had three realtime scanners going? Well Superantispyware was free so I did check that but Malwarebytes is the paid for version. Can I check Teatimer instead of that?

    Have clicked off the Fast Indexing stuff as well. So far, many many thanks!!

  9. #9
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4

    Default

    I do have a question.. you said I had three realtime scanners going? Well Superantispyware was free so I did check that but Malwarebytes is the paid for version. Can I check Teatimer instead of that?
    You certainly can. Teatimer is more of a resource hog than MalwareBytes anyway, so that would be my choice too. You can still run Spybot when doing regular maintenance - same for SuperAntispyWare, but to stop Teatimer coming back, you should disable it in SpyBot. This link explains how. Scroll down the page to To de-activate ( disable ) Tea timer.

    BTW, the slow shut down is normal after making so many changes.

  10. #10
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Default

    Thank you so much for all that help. I have now disabled Teatimer as well so I only have Malwarebytes running as a real-time scanner. The PC is running a lot faster than it was but as for the problem I originally had, I hope I won't get it back again.. Thank you so so much for your help!!

Page 1 of 2 12 LastLast