Hi Guys and Girls.

My new PC has started running very slowly, cut and pasting files start normally and then run very, very slowly. For instance copying 100mb from one HD to another can take 10 mins! Now I did a scan with Ad-aware, Spybot, and Awil Avast antivirus, and nothing showed up, but in my Windows temp folder is a couple of files called Perflib_Perfdata_4b0 and Perflib_Perfdata_548, which are being used with Windows. I went into safe mode and deleted them, but as soon as I run Windows again, there they are, back again.

I've looked on the net and it seems as though I have a worm/virus on my PC, and with my new XP install, I think I need a bit of help to clean up my machine. Below is my HijackThis log. On my old 98 machine, this log was only a fraction of this lot, SO, HELP ME PLEASE!

Logfile of HijackThis v1.99.1
Scan saved at 8:29:21 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\pc c drive\WINDOWS\Desktop\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5B1CD4-D36B-4FC9-A509-C29AC2714824}: NameServer = 62.24.218.223 62.24.218.222
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - F:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hi,

Perflib_Perfdata_4b0 and Perflib_Perfdata_548

Those are not a problem.

On my old 98 machine, this log was only a fraction of this lot

So true !! Win98 is NOT WinXP !

I see nothing special in your Spybot report.

But will be good to send it to their forum for experts have a look.

BTW ... would you please make ALT + CTRL + DEL (opening the Widows taskmanager) and check the processes who are running.....
Sometime you will find the culprit who slow down your PC......
In the same taskmanager ..take a look at your CPU usage at idle !!
If nothing run ..it's must be around 2% or so!!
KEEP us updated !!!!!

OFF

Hi Colonel,

As always, WC showed up as I was writing my post, but for what it's worth, your Hijack This scan is clean. The two Perflib_Perfmon files you reference are created by your operating system. You can get rid of them, but they will only return unless you disable the service creating them. They are not the source of your slowdown, though.

There are some things you can have Hijack This fix for you, but it wouldn't make much difference in your system performance: Those entries where it says file missing can be checked and then tell Hikack This to remove them. **Do, however, create a Restore Point first.** (Start | Programs | Accessories | System Tools | System Restore | Create a Restore Point, or else Start | Help | Pick a Task | Undo Changes | Create a Restore Point).

Your best bet would be to take a look at your services and disable any you do not need to run from startup to reduce the stress on your available resources and memory. If you believe you are infected, however, you can always go to TrendMicro's Housecall and have them run a free scan for you.

I've forgotten--how much memory do you have on this system? I'd like to see you have at least 1GB, but you can get by with less than that running XP. Whatever you have must be healthy, of course... Also, be certain that you have fully updated your Win XP install at MS Windows Update.

Cheers,
Kay

Hi WC and Huntress.

I have 3x256 pc133 RAM loaded. I know it's not as much as some would reccommend, but it's all I can afford. Last week it was running fine, and copying files was not a problem, but just now I tried to move a file from one HD to another and the move window froze at 5mins, although the animation continued. If you cancel the window try to move the file again, Windows says it's still working with the file, and denies access! When I close Windows, an error window appears saying windows is working with the same files.

Anything look wrong here? Win XP seems to have lots of rubbish running, which Win 98 never did.

Hi Colonel,

Actually, I am going to have to correct something I said earlier--the entries related to VistaDrive need to go away; this is related to an advertising process you seem to have acquired and can reportedly be viewed as an infectious process.

So, run your Hijack This again and check all entries related to VistaDrive; tell Hijack This to remove them. From what I can locate about VistaDrive on the internet, if you remove the relevant entries in Hijack This, that should cover the issue. If you have doubts, though, do scan the system at HouseCall and see if it can find anything else.

As to your running processes list, it doesn't appear to be untenable at all. Almost all you have running are related to the operating system, Avast, hardware, this and that. I would be inclined to take care of getting rid of the VistaDrive stuff and see if that helps, first of all.

Cheers,
Kay

welcome to XP John
after some time,you WILL like it much better
BTW,a very merry Christmas to you,the Mrs and the tiny Gibbons as well

Hi,

I'm not using your PC ...but what are ??

gg.exe
Aswupdsv.exe
AAwservice.exe
E_S41091.EXE
devldrv32.exe
ashDisp.exe
Alg.EXE

If you know ..try to disable those services and applications (stop them) to see if improvement.

I see you run automatically Spybot (Teatimer.EXE) ..not really necessary.

And BTW ..with all this running what are the results of the TAB Performances?

You have enough memory for run XP fairly.

BTW ...silly question had you made a RESTORE POINT ...of your system ... before experiencing those probs ?

OFF

Hi WC.

GG.exe is my wife's Polish chat program, though which I've never had a days problem with Win98. It's a PTP chat program, and only allows contact between people on our list, everyone else is blocked.

The other rubbish, well your guess is as good as mine. If they are nothing special, how do you get rid of them? Into safe mode, and search/delete?

Hi,

Nothing to delete already....
When you are in the taskmanager....
Right clik on the procees you want stop.
You will have a menu.
Stop the process from there.
You delete nothing ..you just stop it (I mean ..the next time you will reboot ..they will be started again )
After the stop of the desired processes ...check again the CPU performances and check again how act your PC (copying ..etc..)
By principle ..the best is to have the less possible applications and processes who start automatically when you boot...
Personnally my list show a total of 22.(you read 24 cause my capture software and taskmanager running )
If applications are needed ..it's allways time to start them after boot when required !
If you want to know more about processes and services and how manage them .. the Blackviper site is a good starting page
http://www.blackviper.com/



OFF

Hi,

I respectfully disagree with my learned colleague on some of your stuff he lists:

Aswupdsv.exe --Avast update service
AAwservice.exe --AdAware 2007
E_S41091.EXE --Epson process monitor
devldrv32.exe --SB Live!
ashDisp.exe --Process info for Avast
Alg.EXE --OS generated; Application Layer Gateway Service

I actually see nothing here I would disable but mileage does vary between users The chat program can be disabled from startup and run from the Start | Programs menu or from a Desktop or QuickLaunch shortcut if you wanted.

When you run a Hijack This scan or when you look at your list of running processes and services, you can find out what the various applications are at a number of different sites on the internet. Process Library is one of the most reliable ones I have found but there are others.

Oh, on the VistaDrive thingy? That has a path statement indicating that there will be a subdirectory of Windows on your hard drive called VistaDrive; that should also be removed. First check and see if it can be uninstalled by way of Control Panel | Add/Remove Software. If not, just delete the folder entirely. Again, remember to create a Restore Point first.

Cheers,
Kay