• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Ken Jacobs

Two PCs infected ... let's work on the first

80 posts in this topic

Hi Jedi, thanks for the batch of things to do. Here's the logs ...

 

Dr. CureIt

hwtest.dll;C:\Program Files\Modem Helper;Probably BACKDOOR.Trojan;Incurable.Moved.;

ApplicationInstaller.exe;F:\Downloads\Oracle Downloads\AppInstaller;Trojan.PWS.TOnline;Deleted.;

SymantecAntiVirus.exe;F:\Downloads\Oracle Downloads\Symantec Anti Virus;Trojan.PWS.TOnline;Deleted.;

hwtest.dll;F:\Programs\Stuff from c-programs Sept 2005\Modem Helper;Probably BACKDOOR.Trojan;Incurable.Moved.;

A0109461.exe;F:\System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP674;Trojan.PWS.TOnline;Deleted.;

A0109462.exe;F:\System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP674;Trojan.PWS.TOnline;Deleted.;

 

Here's the ComboFix log (note, tho, there were some messages about "unsuccessful" at the start, and then "access denied" at the end. I have ZoneLabs firewall running, and killed it after the reboot ComboFix caused. Eventually ComboFix produced this log:

 

ComboFix 07-08-30.3 - "Ken Jacobs" 2007-08-31 0:13:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.121 [GMT -6:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\KENJAC~1.UTA\Desktop\internet explorer.lnk

C:\DOCUME~1\MARGAR~1.UTA\Desktop\internet.lnk

C:\WINDOWS\DOWNLO~1\cnsload-3.0.3.406.dll

C:\WINDOWS\DOWNLO~1\cnsload.inf

C:\WINDOWS\system32\instsrv.exe

 

 

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

 

 

2007-08-31 00:12 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-30 18:18 <DIR> d-------- C:\DOCUME~1\KENJAC~1.UTA\DoctorWeb

2007-08-30 18:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint

2007-08-30 03:09 <DIR> d-------- C:\Program Files\MSXML 6.0

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-30 18:16 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-30 18:06 --------- d-------- C:\Program Files\AIM95

2007-08-30 03:02 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 00:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 07:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 04:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-01-01 18:10 2 --a------ C:\Program Files\mshexc.bmp

2003-08-27 14:19 36963 -----c--- C:\Program Files\Common Files\SM1updtr.dll

2001-08-18 12:00:00 94,784 -csh--w C:\WINDOWS\twain.dll

2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll

2004-08-04 07:56:42 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll

2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll

2004-08-04 07:56:43 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll

2004-08-04 07:56:43 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll

2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll

2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll

2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 16:19]

"LantronixRedirector"="C:\Program Files\Lantronix\Redirector\red32.exe" [2001-05-29 04:40]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]

"Zone Labs Client"="C:\Program Files\Zone Labs\Integrity Client\iclient.exe" [2004-04-21 04:40]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-09 14:56]

"iTunesHelper"="F:\Programs\Apple iTunes\iTunesHelper.exe" [2006-06-14 16:24]

"QuickTime Task"="F:\programs\Quicktime\qttask.exe" [2006-07-01 13:01]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]

"nwiz"="nwiz.exe" [2003-07-28 16:19 C:\WINDOWS\system32\nwiz.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14]

"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2006-05-27 02:40]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-04 16:15]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"FFTI"=C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

 

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\

DESKTOP.INI [2001-08-31 12:00:12]

 

C:\DOCUME~1\KENJAC~1.UTA\STARTM~1\Programs\Startup\

palmOne Registration.lnk - F:\Programs\Sony Clie\register.exe [2005-09-19 14:20:36]

 

C:\DOCUME~1\KENJAC~1\STARTM~1\Programs\Startup\

DESKTOP.INI [2001-08-31 12:00:12]

HotSync Manager.lnk - F:\Programs\Sony Clie\HOTSYNC.EXE [2004-06-09 15:27:34]

 

C:\DOCUME~1\MARGAR~1.UTA\STARTM~1\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - F:\Programs\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL ACS"=2 (0x2)

 

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys

R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys

R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

R2 AutoExNT;AutoExNT;C:\WINDOWS\system32\AutoExNT.Exe

R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

R2 MyDesktopWindows;MyDesktopService;C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

R2 pnarp;Pure Networks Address Resolution Protocol;C:\WINDOWS\system32\DRIVERS\pnarp.sys

R2 purendis;Pure Networks NDIS Relay Protocol Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys

R2 QOSMyDesktop;QOS MyDesktop;C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

R2 Stltrk2k;Stltrk2k;C:\WINDOWS\system32\drivers\Stltrk2k.sys

R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys

R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys

R3 dsdd;dsdd;C:\WINDOWS\system32\DRIVERS\dsvideo.sys

R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys

R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys

S2 BulkUsb;BulkUsb.Sys DC6-1000 driver;C:\WINDOWS\system32\Drivers\BULKUSB.sys

S3 ATP80;Array Networks VPN Adapter80;C:\WINDOWS\system32\DRIVERS\atpdrvr3,0,1,9.sys

S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys

S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys

S3 MaxtorFrontPanel1;Maxtor 1394 Storage Front Panel Driver;C:\WINDOWS\system32\DRIVERS\mxofwfp.sys

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys

S3 powerfil;powerfil;C:\WINDOWS\system32\DRIVERS\powerfil.sys

S3 PowerFile;PowerFile;C:\WINDOWS\system32\DRIVERS\C200.sys

S4 Mirra.Service;MirraSync Service;"f:\programs\mirra\mirra.service.exe"

S4 Mirra.Watchdog;Mirra Watchdog Service;f:\programs\mirra\mirra.watchdog.exe

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\Setup.exe

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-31 00:20:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-31 0:26:50 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:25

 

--- E O F ---

 

Ran CCleaner ...

Share this post


Link to post
Share on other sites

... huge log from CCleaner. I have saved it but didn't post it since you didn't say you wanted it.

 

Now going to run (and reboot for) Error checking on Disk C: ... be right back ...

Share this post


Link to post
Share on other sites

Hi again,

 

huge log from CCleaner. I have saved it but didn't post it since you didn't say you wanted it.

No I don't need to see it, as long as it's done the job.

 

jedi

Share this post


Link to post
Share on other sites

Error checking on the disk tgook a long time, but completed successfully. Ran Defrag too, and it completed, but there were many files that could not be defragmented. See report below ...

 

Performance is "ok", but booting takes a fairly long time. Haven't been on the system really enough to tell. Navigating around with the file explorer is a little slow sometimes. Below is the HijackThis report:

 

Thanks again!

 

Ken

 

Volume Windows XP Pro (C:)

Volume size = 12.71 GB

Cluster size = 4 KB

Used space = 11.28 GB

Free space = 1.43 GB

Percent free space = 11 %

 

Volume fragmentation

Total fragmentation = 36 %

File fragmentation = 61 %

Free space fragmentation = 12 %

 

File fragmentation

Total files = 60,842

Average file size = 259 KB

Total fragmented files = 5,324

Total excess fragments = 138,636

Average fragments per file = 3.27

 

Pagefile fragmentation

Pagefile size = 766 MB

Total fragments = 30,304

 

Folder fragmentation

Total folders = 6,313

Fragmented folders = 1

Excess folder fragments = 0

 

Master File Table (MFT) fragmentation

Total MFT size = 145 MB

MFT record count = 67,931

Percent MFT in use = 45 %

Total MFT fragments = 664

 

--------------------------------------------------------------------------------

Fragments File Size Files that cannot be defragmented

446 2 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\inetcpl.cpl

431 2 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieapfltr.dat

638 2 MB \Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\Log\nminstall_0.txt

797 3 MB \WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mshtml.dll

911 6 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieframe.dll

632 6 MB \WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieframe.dll

381 12 MB \DELL\Drivers\R40090\setup.exe

402 16 MB \WINDOWS\Installer\1d45ee6b.msp

1,429 16 MB \WINDOWS\system32\MRT.exe

1,952 24 MB \WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi

1,631 24 MB \WINDOWS\Downloaded Installations\{A4CF9831-FD5C-4A87-9FA0-7049F0D00128}\SlingPlayer.msi

393 25 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{560738A7-84BD-4F7F-8F40-0F15E3514C20}\Microsoft\Outlook Express\Inbox.dbx

404 25 MB \Program Files\Pinnacle\Studio 8\programs\ResCom1024.dll

747 32 MB \Program Files\Java\jre1.5.0_06\lib\rt.jar

747 32 MB \Program Files\Java\jre1.5.0_09\lib\rt.jar

538 33 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Thunderbird\Profiles\x1bh07e8.default\Mail\Local Folders\Inbox

387 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP675\snapshot\_REGISTRY_MACHINE_SOFTWARE

538 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP668\snapshot\_REGISTRY_MACHINE_SOFTWARE

537 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP669\snapshot\_REGISTRY_MACHINE_SOFTWARE

510 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP670\snapshot\_REGISTRY_MACHINE_SOFTWARE

546 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP671\snapshot\_REGISTRY_MACHINE_SOFTWARE

673 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP672\snapshot\_REGISTRY_MACHINE_SOFTWARE

826 34 MB \Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\NmSetup\NmSetupInstaller_0.msi

3,767 42 MB \WINDOWS\Downloaded Installations\{52D4CFE8-5982-4218-ABB2-B1AE1AF6297A}\SlingPlayer.msi

421 52 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\OfficeUpdate12\Cabs\511974\511974.MAINSP3ff.cab

1,034 53 MB \Documents and Settings\Margaret Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{0152C288-5C4B-4AFE-8B68-29EC78F74E53}\Microsoft\Outlook Express\Sent Items.dbx

1,156 54 MB \WINDOWS\Installer\e70a7.msp

382 64 MB \Program Files\Microsoft Office\MEDIA\CntCD1\CNTCD1.MMW

1,489 93 MB \Documents and Settings\Margaret Jacobs.UTAH-DESKTOP\Application Data\Thunderbird\Profiles\xgl03yw7.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox

6,805 429 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{560738A7-84BD-4F7F-8F40-0F15E3514C20}\Microsoft\Outlook Express\Ken at Oracle - Inbox.dbx

 

----------------------

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:16:22 AM, on 8/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

F:\programs\Quicktime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

F:\Programs\Sony Clie\Hotsync.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\WINDOWS\system32\taskmgr.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\Programs\Mozilla\Firrefox\firefox.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 15098 bytes

Share this post


Link to post
Share on other sites

Hey Jedi ...

 

Just a few more words re performance. It's not that good. I have the Task Manager running, and can see a little window in the tray that shows when the system is pegged. It's typically not, but rtvscan.exe and services.exe seem to be up there too often. The performance can be very sluggish, particularly when opening new windows, switching tasks to one already open, and even right-clicking on a file name or task in a list. Sometimes the system just seems to hang and even the cursor disappears ...

 

Hmmm ....

 

Ken

Edited by Ken Jacobs

Share this post


Link to post
Share on other sites

Hi again,

 

OK, none of these need to be running at startup:

 

Scan with HiJackThis and put a check in the box next to the following items;

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE

 

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

(I suggest you might want to uninstall Norton and replace it with something less resource-heavy (rtvscan.exe is part of Norton).

To fully remove Norton AntiVirus, you should go here and download the files and print the instructions for removal, and follow them:

How to uninstall Norton AntiVirus 2004/2005/2006 (note: this removes ALL Norton 2004/2005/2006 products from your computer, and also uninstalls Norton Ghost 10.0/9.0/2003)

How to uninstall Norton AntiVirus 2003 or Norton AntiVirus 2003 Professional Edition

How to uninstall Norton AntiVirus 2000/2001/2002)

 

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

 

jedi

Share this post


Link to post
Share on other sites

Hi Jedi ...

 

Followed your instructions. Below is the latest HJT log, done after a restart, with all browsers and windows closed.

 

Unfortunately, the system is still very slow. Booting takes a long, long time. Even switching tasks takes a long time. Same symptoms as before. Even when there appears to be a lot of system idle time, response is very sluggish. Have seen nmsrvc.exe and services.exe near the top of the cpu list. C

 

Perhaps more unfortunately, we now have to leave for home. We won't be back here until the very end of October. Can you please leave this thread open until we get back and can pick up where we are leaving off?

 

Thanks much ...

 

Ken

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:23:04 PM, on 9/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

F:\Programs\Sony Clie\Hotsync.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\WINDOWS\system32\taskmgr.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 15071 bytes

Share this post


Link to post
Share on other sites

Hi Ken,

 

Can you please leave this thread open until we get back and can pick up where we are leaving off?

 

Yes, of course. I'd like to see some specs for that PC next time round, it may be it simply can't cope well with the load on it. How old is it?

 

Anyhow, the thread will stay open, give me a shout when you're going there again.

 

jedi :)

Share this post


Link to post
Share on other sites

Thanks, Jedi ...

 

The machine is 5 years old, but is reasonably configured, I guess ... it's a Dell 4500 with 512MB (I could get more memory for it), a 2.26 GHz processor, and a 80BGB drive.

 

Thanks for keeping the thread open ... I'll ping you when we are back in Utah ...

 

Thanks for your help, as always!

 

Ken

Share this post


Link to post
Share on other sites

You're welcome. :)

 

The machine is 5 years old, but is reasonably configured, I guess ... it's a Dell 4500 with 512MB (I could get more memory for it), a 2.26 GHz processor, and a 80BGB drive.

Hmm, it should run better than it is.

 

jedi

Share this post


Link to post
Share on other sites

Since the issue appears to be resolved this Topic is closed.

 

[Reopened]

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites

Hi again Ken, I thought you'd disappeared for good.

 

OK, give me an update. :)

 

jedi

Share this post


Link to post
Share on other sites

Hi Jedi ... hope you're well. I've been traveling (work and vacation) and have only had time to visit my 2nd home for a short weekend that has now come to an end. I'll be back in two weeks, so you won't hear from me on this again until then, but here's the update ...

 

This PC's performance is terrible ...

  • Boot time is long, long, long (2+ minutes)
  • Starting a task takes a long time
  • Switching between tasks takes a long time
  • Sometimes I get window shadows if a drag a window around
  • There seems to be plenty (70, 80, 90%) of system idle time

I have ordered 2GB of memory to replace the 512MB there now, but it seems it should perform better than it is. I have run PCPITSTOP's analyzer and it seems to indicate the system performs relatively well on its benchmarks, but not when I'm really trying to use it.

 

The HiJackThis log is below. I hope to have time to work with you on this at the end of the month. Hope you can help.

 

Thanks again!

 

Ken

 

-------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:41:45 AM, on 10/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

C:\WINDOWS\Explorer.EXE

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Lantronix\Redirector\red32.exe

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

F:\Programs\Sony Clie\Hotsync.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\WINDOWS\system32\taskmgr.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 13525 bytes

Share this post


Link to post
Share on other sites

OK Ken,

 

If you get the extra RAM installed and let me know if it still performs badly, we'll take it from there. You have quite a few programs running on it, and still have Norton I see, but we'll work on it when you next are there. I'll leave this open. :thumbsup:

 

jedi

Share this post


Link to post
Share on other sites

Hi Jedi ... IU'm here in Utah for a couple more days. Just installed the 2GB and it's working, but things are not better yet. Here's the latest HiJack This log ...

 

Hope you have some ideas ...

 

Ken

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:48:35 PM, on 10/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

F:\Programs\Sony Clie\Hotsync.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

F:\Programs\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

F:\Programs\Mozilla\Thunderbird\thunderbird.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 13698 bytes

Share this post


Link to post
Share on other sites

Hi Ken,

 

Do Start > Run and type in chkdsk /f

If the command line says volumes are in use, do you wish to schedule for next restart, type Y and hit enter, then restart and allow the disk check to run.

 

Let me know if this helps.

 

jedi

Share this post


Link to post
Share on other sites

I tried it, and haven't noticed much difference. I'm no longer in Utah, and won't be back until the end of November. However, then we will be there for an extended period of time, so please leave this open. I'll post a new note when I get back to Utah.

 

Thanks, Jedi.

 

Ken

Share this post


Link to post
Share on other sites

OK,

 

I have an idea what may help. :thumbsup:

 

jedi

Share this post


Link to post
Share on other sites

Thanks, Jedi ... you have me very curious! I can hardly wait to get back to Utah to fix that machine ... it will be the very last week of this month, if not a few days later. Thanks so much ... look forward to working with you on this ...

Share this post


Link to post
Share on other sites

OK, let me know when you're there.

 

jedi

Share this post


Link to post
Share on other sites

Hello Jedi! I am now here in Utah, and we will be here for most of the winter. I'm eager to work on the slow desktop.

 

Unfortunately there currently isn't a lot of snow, so I won't be skiing much for a while. Gives me a chance to catch up on m computers and stuff ...

 

Look forward to hearing from you!

 

Thanks

 

Ken

Share this post


Link to post
Share on other sites

By the way, here's the latest log ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:44:14 PM, on 12/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

F:\Programs\Palm\HotSyncWizard.exe

F:\Programs\Palm\Hotsync.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 13541 bytes

Share this post


Link to post
Share on other sites

Hi again Ken,

 

OK, let's have a look at what's going on:

 

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

 

jedi

Share this post


Link to post
Share on other sites

Here we are ...http://www.pcpitstop.com/techexpress.asp?id=HUY8SWRMCXVSL0CV

 

Note that my drive is partitioned C: for Windows, F for applications, G for data, and H for photos and multimedia.

 

I'm still seeing the process services.exe using up a lot of CPU -- 40% or more -- and btwdins.exe another 30% or 40%. Total CPU use is currently 90-100%.

 

Still hangs and sluggish performance.

 

Thanks Jedi ... hope you can help!

 

Ken

Edited by Ken Jacobs

Share this post


Link to post
Share on other sites

Hi,

 

It looks like this could be a bluetooth process looking for a device (btwdins.exe), I've seen this cause services.exe to run high before. A secondary problem may well be your disk set-up, some of those partitions are quite full.

Have a read about opinions on the Kensington Bluetooth USB Adapter

http://www.tonyspencer.com/2004/11/02/kens...dapter-reviews/

I suspect this may be the primary cause of your problems. Do you really need it, could you find a replacement?

 

Open HiJackThis, click on the Misc Tools section > Open Uninstall Manager > Save List and post that list here.

 

jedi

Share this post


Link to post
Share on other sites

Hi Jedi! I think you've hit on a big improvement! I read the posts on the Bluetooth driver, and found that there was a new one here: http://us.kensington.com/html/1492.html. I installed it fine, and it works. And it SEEMS to be working better. The two processes btdwins and services are running, but at ZERO (virtually) CPU! This could be the major thing that was wrong as you say. I want to keep working with the computer for a few days before I'm fully convinced, but I'm very optimistic!

 

Thanks for all your help so far ... I'm VERY impressed :) and very grateful :thumbup: !

 

Ken

 

Here's the HijackThis listing you asked for ...

 

Able2Extract Professional v4.0

Ad-Aware SE Personal

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Help Center 2.0

Adobe Photoshop Elements 4.0

Adobe Reader 8.1.1

Adobe SVG Viewer 3.0

Adobe® Photoshop® Album Starter Edition 3.2

Agendus for Windows Palm Desktop Edition

Aspell English Dictionary-0.50-2

AudioEdit Deluxe

AXIS Media Control

CCleaner (remove only)

CDex extraction audio

Cisco Systems VPN Client 4.8.00.0440

Cisco VPN Client 4.8

Complete Audio Converter Pro 3.1.1

Conexant HSF V92 56K RTAD Speakerphone PCI Modem

Cypress USB Mass Storage Driver Installation

dBpowerAMP Music Converter

dBpowerAMP WMA V9.1 Codec

DC6 USB Transfer

Dell ResourceCD

DeviceInstaller

'Diff Doc'

Documents To Go

DVD Decrypter (Remove Only)

DVD Profiler Version 2.0.0

DVD Shrink 3.1.6

Easy CD Creator 5 Basic

Easy Hi-Q Converter 1.0

FreshDiagnose

Gaim (remove only)

GNU Aspell 0.50-3

Google Earth

Google Toolbar for Internet Explorer

GTK+ Runtime 2.6.9 rev a (remove only)

Handmark® Scrabble® for Palm OS

HijackThis 2.0.0

Hotfix for Windows Media Player 11 (KB939683)

HP Install Network Printer Wizard

hp instant support

hp officejet d series - 3

HP Photo Printing Software

HP Share-to-Web

IE7pro

Integrity Client

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java 2 Runtime Environment, SE v1.4.2_04

Java SE Runtime Environment 6 Update 1

Lantronix Redirector

LiveReg (Symantec Corporation)

LiveUpdate 3.0 (Symantec Corporation)

Macromedia Flash Player 8

Magic NetTrace 2.5.4

MARGI Presenter-to-Go

Maxtor OneTouch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0

Microsoft Baseline Security Analyzer 1.2.1

Microsoft Broadband Networking

Microsoft Data Access Components KB870669

Microsoft Office 2000 SR-1 Professional

Microsoft Office 2003 Resource Kit

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Media Content

Microsoft Office XP Small Business

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mirra 2.00.0006

Mozilla Firefox (2.0.0.8)

Mozilla Thunderbird (1.5.0.13)

MS Export

MSN

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

Musicmatch® Jukebox

MVP

Napster

Network Magic

NVIDIA Windows 2000/XP Display Drivers

OLYMPUS CAMEDIA Master 4.0

Omar Sharif Bridge

Oracle Web Conferencing Console

Paint Shop Pro 7

palmOne

PC Magazine Startup Cop Pro

PC Magazine TaskPower

PictureGear 4.4Lite

PodUtil 3.0.2

PowerDVD

PowerQuest PartitionMagic 8.0

ProntoEdit 4

QLink 3.3a

QLink 4.0

QLink 4.2

QLink 4.6

QLink 4.8

Quicken 2006

QuickTime

RealPlayer

RegCure 1.5.0.0

RokuRadioSnooper v2.18.01

Roxio Burn Engine

Santa Cruz

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Excel 2007 (KB936509)

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Office 2007 (KB934062)

Security Update for Office 2007 (KB936514)

Security Update for the 2007 Microsoft Office System (KB936960)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB943460)

Skype 3.0

Skype Plugin Manager

SlingPlayer

SmartSound Quicktracks Plugin

SoundCheck

SplashID

SplashID Standalone Installer

Spybot - Search & Destroy 1.4

Studio 8

Symantec AntiVirus

Symantec Antivirus 10.1.0

Tera Term Pro

The Tahiti Traveler

Tonto

Ufony

Update for Office 2007 (KB932080)

Update for Office 2007 (KB934391)

Update for Office 2007 (KB934393)

Update for Windows XP (KB933360)

Update for Windows XP (KB938828)

Update for Word 2007 (KB934173)

USB SM

USB Storage Adapter FX (SM1)

VisualMR

VisualMR

WebPoint

WIDCOMM Bluetooth Software

Windows Communication Foundation

Windows Driver Package - Pure Networks Address Resolution Protocol (ARP) Driver (11/09/2006 4.0.6313.0)

Windows Driver Package - Pure Networks NDIS Relay Protocol Driver (11/09/2006 4.0.6313.0)

Windows Genuine Advantage v1.3.0254.0

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Presentation Foundation

Windows Workflow Foundation

WinPcap 4.0

WinZip

WorldMate

XiVA MediaLoader 3.1

XiVA Producer 3.0

XiVA Server Utilities 2.0

Zinio Reader

Share this post


Link to post
Share on other sites

Jedi, things generally seem to be better, but I am still having some issues relating to re-installing sw. I don't want to bother you yet with those details, but I thought I'd send you the latest HT log ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:36:17 PM, on 12/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\programs\Quicktime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\spider.exe

F:\Programs\Mozilla\Thunderbird\thunderbird.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

F:\Programs\SplashID\SplashID Desktop.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\MsiExec.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Palm\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = F:\Programs\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programs\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programs\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe

O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 14628 bytes

Share this post


Link to post
Share on other sites

Hi again,

 

Glad to hear things have improved. Hopefully they should stay that way. I can't see anything else on the uninstall list that would be slowing things down. Your Java is out of date though, the latest one is:

http://www.java.com/en/download/manual.jsp

here, Version 6 Update 3. When you've installed it, remove these:

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java 2 Runtime Environment, SE v1.4.2_04

Java™ SE Runtime Environment 6 Update 1

via Add/Remove Programs, as leaving the older versions on your PC leaves it vulnerable.

 

I am still having some issues relating to re-installing sw.

Sorry, not quite with you there.

 

jedi

Share this post


Link to post
Share on other sites

Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0