Jump to content


Photo

Two PCs infected ... let's work on the first


  • This topic is locked This topic is locked
79 replies to this topic

#51 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 31 August 2007 - 01:35 AM

Hi Jedi, thanks for the batch of things to do. Here's the logs ...

Dr. CureIt
hwtest.dll;C:\Program Files\Modem Helper;Probably BACKDOOR.Trojan;Incurable.Moved.;
ApplicationInstaller.exe;F:\Downloads\Oracle Downloads\AppInstaller;Trojan.PWS.TOnline;Deleted.;
SymantecAntiVirus.exe;F:\Downloads\Oracle Downloads\Symantec Anti Virus;Trojan.PWS.TOnline;Deleted.;
hwtest.dll;F:\Programs\Stuff from c-programs Sept 2005\Modem Helper;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0109461.exe;F:\System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP674;Trojan.PWS.TOnline;Deleted.;
A0109462.exe;F:\System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP674;Trojan.PWS.TOnline;Deleted.;

Here's the ComboFix log (note, tho, there were some messages about "unsuccessful" at the start, and then "access denied" at the end. I have ZoneLabs firewall running, and killed it after the reboot ComboFix caused. Eventually ComboFix produced this log:

ComboFix 07-08-30.3 - "Ken Jacobs" 2007-08-31 0:13:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.121 [GMT -6:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\KENJAC~1.UTA\Desktop\internet explorer.lnk
C:\DOCUME~1\MARGAR~1.UTA\Desktop\internet.lnk
C:\WINDOWS\DOWNLO~1\cnsload-3.0.3.406.dll
C:\WINDOWS\DOWNLO~1\cnsload.inf
C:\WINDOWS\system32\instsrv.exe


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-31 00:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 18:18 <DIR> d-------- C:\DOCUME~1\KENJAC~1.UTA\DoctorWeb
2007-08-30 18:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-08-30 03:09 <DIR> d-------- C:\Program Files\MSXML 6.0


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 18:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-30 18:06 --------- d-------- C:\Program Files\AIM95
2007-08-30 03:02 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 00:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 07:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 04:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-01-01 18:10 2 --a------ C:\Program Files\mshexc.bmp
2003-08-27 14:19 36963 -----c--- C:\Program Files\Common Files\SM1updtr.dll
2001-08-18 12:00:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 16:19]
"LantronixRedirector"="C:\Program Files\Lantronix\Redirector\red32.exe" [2001-05-29 04:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"Zone Labs Client"="C:\Program Files\Zone Labs\Integrity Client\iclient.exe" [2004-04-21 04:40]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-09 14:56]
"iTunesHelper"="F:\Programs\Apple iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="F:\programs\Quicktime\qttask.exe" [2006-07-01 13:01]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2003-07-28 16:19 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2006-05-27 02:40]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-04 16:15]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-08-31 12:00:12]

C:\DOCUME~1\KENJAC~1.UTA\STARTM~1\Programs\Startup\
palmOne Registration.lnk - F:\Programs\Sony Clie\register.exe [2005-09-19 14:20:36]

C:\DOCUME~1\KENJAC~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-08-31 12:00:12]
HotSync Manager.lnk - F:\Programs\Sony Clie\HOTSYNC.EXE [2004-06-09 15:27:34]

C:\DOCUME~1\MARGAR~1.UTA\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - F:\Programs\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 AutoExNT;AutoExNT;C:\WINDOWS\system32\AutoExNT.Exe
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 MyDesktopWindows;MyDesktopService;C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
R2 pnarp;Pure Networks Address Resolution Protocol;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Pure Networks NDIS Relay Protocol Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 QOSMyDesktop;QOS MyDesktop;C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
R2 Stltrk2k;Stltrk2k;C:\WINDOWS\system32\drivers\Stltrk2k.sys
R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 dsdd;dsdd;C:\WINDOWS\system32\DRIVERS\dsvideo.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys
S2 BulkUsb;BulkUsb.Sys DC6-1000 driver;C:\WINDOWS\system32\Drivers\BULKUSB.sys
S3 ATP80;Array Networks VPN Adapter80;C:\WINDOWS\system32\DRIVERS\atpdrvr3,0,1,9.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 MaxtorFrontPanel1;Maxtor 1394 Storage Front Panel Driver;C:\WINDOWS\system32\DRIVERS\mxofwfp.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 powerfil;powerfil;C:\WINDOWS\system32\DRIVERS\powerfil.sys
S3 PowerFile;PowerFile;C:\WINDOWS\system32\DRIVERS\C200.sys
S4 Mirra.Service;MirraSync Service;"f:\programs\mirra\mirra.service.exe"
S4 Mirra.Watchdog;Mirra Watchdog Service;f:\programs\mirra\mirra.watchdog.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 00:20:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-31 0:26:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:25

--- E O F ---

Ran CCleaner ...

#52 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 31 August 2007 - 01:42 AM

... huge log from CCleaner. I have saved it but didn't post it since you didn't say you wanted it.

Now going to run (and reboot for) Error checking on Disk C: ... be right back ...

#53 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 31 August 2007 - 03:28 AM

Hi again,

huge log from CCleaner. I have saved it but didn't post it since you didn't say you wanted it.

No I don't need to see it, as long as it's done the job.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#54 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 31 August 2007 - 05:55 PM

Error checking on the disk tgook a long time, but completed successfully. Ran Defrag too, and it completed, but there were many files that could not be defragmented. See report below ...

Performance is "ok", but booting takes a fairly long time. Haven't been on the system really enough to tell. Navigating around with the file explorer is a little slow sometimes. Below is the HijackThis report:

Thanks again!

Ken

Volume Windows XP Pro (C:)
Volume size = 12.71 GB
Cluster size = 4 KB
Used space = 11.28 GB
Free space = 1.43 GB
Percent free space = 11 %

Volume fragmentation
Total fragmentation = 36 %
File fragmentation = 61 %
Free space fragmentation = 12 %

File fragmentation
Total files = 60,842
Average file size = 259 KB
Total fragmented files = 5,324
Total excess fragments = 138,636
Average fragments per file = 3.27

Pagefile fragmentation
Pagefile size = 766 MB
Total fragments = 30,304

Folder fragmentation
Total folders = 6,313
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 145 MB
MFT record count = 67,931
Percent MFT in use = 45 %
Total MFT fragments = 664

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
446 2 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\inetcpl.cpl
431 2 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieapfltr.dat
638 2 MB \Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\Log\nminstall_0.txt
797 3 MB \WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mshtml.dll
911 6 MB \WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieframe.dll
632 6 MB \WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieframe.dll
381 12 MB \DELL\Drivers\R40090\setup.exe
402 16 MB \WINDOWS\Installer\1d45ee6b.msp
1,429 16 MB \WINDOWS\system32\MRT.exe
1,952 24 MB \WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
1,631 24 MB \WINDOWS\Downloaded Installations\{A4CF9831-FD5C-4A87-9FA0-7049F0D00128}\SlingPlayer.msi
393 25 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{560738A7-84BD-4F7F-8F40-0F15E3514C20}\Microsoft\Outlook Express\Inbox.dbx
404 25 MB \Program Files\Pinnacle\Studio 8\programs\ResCom1024.dll
747 32 MB \Program Files\Java\jre1.5.0_06\lib\rt.jar
747 32 MB \Program Files\Java\jre1.5.0_09\lib\rt.jar
538 33 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Thunderbird\Profiles\x1bh07e8.default\Mail\Local Folders\Inbox
387 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP675\snapshot\_REGISTRY_MACHINE_SOFTWARE
538 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP668\snapshot\_REGISTRY_MACHINE_SOFTWARE
537 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP669\snapshot\_REGISTRY_MACHINE_SOFTWARE
510 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP670\snapshot\_REGISTRY_MACHINE_SOFTWARE
546 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP671\snapshot\_REGISTRY_MACHINE_SOFTWARE
673 34 MB \System Volume Information\_restore{86FA4AD6-8646-4DBA-97E4-EEF54CEAA2DF}\RP672\snapshot\_REGISTRY_MACHINE_SOFTWARE
826 34 MB \Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\NmSetup\NmSetupInstaller_0.msi
3,767 42 MB \WINDOWS\Downloaded Installations\{52D4CFE8-5982-4218-ABB2-B1AE1AF6297A}\SlingPlayer.msi
421 52 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\OfficeUpdate12\Cabs\511974\511974.MAINSP3ff.cab
1,034 53 MB \Documents and Settings\Margaret Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{0152C288-5C4B-4AFE-8B68-29EC78F74E53}\Microsoft\Outlook Express\Sent Items.dbx
1,156 54 MB \WINDOWS\Installer\e70a7.msp
382 64 MB \Program Files\Microsoft Office\MEDIA\CntCD1\CNTCD1.MMW
1,489 93 MB \Documents and Settings\Margaret Jacobs.UTAH-DESKTOP\Application Data\Thunderbird\Profiles\xgl03yw7.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox
6,805 429 MB \Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Local Settings\Application Data\Identities\{560738A7-84BD-4F7F-8F40-0F15E3514C20}\Microsoft\Outlook Express\Ken at Oracle - Inbox.dbx

----------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:16:22 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
F:\programs\Quicktime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
F:\Programs\Sony Clie\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Programs\Mozilla\Firrefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15098 bytes

#55 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 31 August 2007 - 06:37 PM

Hey Jedi ...

Just a few more words re performance. It's not that good. I have the Task Manager running, and can see a little window in the tray that shows when the system is pegged. It's typically not, but rtvscan.exe and services.exe seem to be up there too often. The performance can be very sluggish, particularly when opening new windows, switching tasks to one already open, and even right-clicking on a file name or task in a list. Sometimes the system just seems to hang and even the cursor disappears ...

Hmmm ....

Ken

Edited by Ken Jacobs, 31 August 2007 - 06:45 PM.


#56 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 01 September 2007 - 10:28 AM

Hi again,

OK, none of these need to be running at startup:

Scan with HiJackThis and put a check in the box next to the following items;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE



Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

(I suggest you might want to uninstall Norton and replace it with something less resource-heavy (rtvscan.exe is part of Norton).
To fully remove Norton AntiVirus, you should go here and download the files and print the instructions for removal, and follow them:
How to uninstall Norton AntiVirus 2004/2005/2006 (note: this removes ALL Norton 2004/2005/2006 products from your computer, and also uninstalls Norton Ghost 10.0/9.0/2003)
How to uninstall Norton AntiVirus 2003 or Norton AntiVirus 2003 Professional Edition
How to uninstall Norton AntiVirus 2000/2001/2002)


Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#57 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 01 September 2007 - 03:29 PM

Hi Jedi ...

Followed your instructions. Below is the latest HJT log, done after a restart, with all browsers and windows closed.

Unfortunately, the system is still very slow. Booting takes a long, long time. Even switching tasks takes a long time. Same symptoms as before. Even when there appears to be a lot of system idle time, response is very sluggish. Have seen nmsrvc.exe and services.exe near the top of the cpu list. C

Perhaps more unfortunately, we now have to leave for home. We won't be back here until the very end of October. Can you please leave this thread open until we get back and can pick up where we are leaving off?

Thanks much ...

Ken


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:23:04 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Mozilla\Firrefox\firefox.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
F:\Programs\Sony Clie\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15071 bytes

#58 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 02 September 2007 - 04:44 AM

Hi Ken,

Can you please leave this thread open until we get back and can pick up where we are leaving off?


Yes, of course. I'd like to see some specs for that PC next time round, it may be it simply can't cope well with the load on it. How old is it?

Anyhow, the thread will stay open, give me a shout when you're going there again.

jedi :)
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#59 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 02 September 2007 - 03:16 PM

Thanks, Jedi ...

The machine is 5 years old, but is reasonably configured, I guess ... it's a Dell 4500 with 512MB (I could get more memory for it), a 2.26 GHz processor, and a 80BGB drive.

Thanks for keeping the thread open ... I'll ping you when we are back in Utah ...

Thanks for your help, as always!

Ken

#60 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 02 September 2007 - 04:44 PM

You're welcome. :)

The machine is 5 years old, but is reasonably configured, I guess ... it's a Dell 4500 with 512MB (I could get more memory for it), a 2.26 GHz processor, and a 80BGB drive.

Hmm, it should run better than it is.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#61 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 16 September 2007 - 08:44 AM

Since the issue appears to be resolved this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#62 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 October 2007 - 10:03 AM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#63 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 15 October 2007 - 12:05 PM

Hi again Ken, I thought you'd disappeared for good.

OK, give me an update. :)

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#64 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 16 October 2007 - 01:48 AM

Hi Jedi ... hope you're well. I've been traveling (work and vacation) and have only had time to visit my 2nd home for a short weekend that has now come to an end. I'll be back in two weeks, so you won't hear from me on this again until then, but here's the update ...

This PC's performance is terrible ...
  • Boot time is long, long, long (2+ minutes)
  • Starting a task takes a long time
  • Switching between tasks takes a long time
  • Sometimes I get window shadows if a drag a window around
  • There seems to be plenty (70, 80, 90%) of system idle time
I have ordered 2GB of memory to replace the 512MB there now, but it seems it should perform better than it is. I have run PCPITSTOP's analyzer and it seems to indicate the system performs relatively well on its benchmarks, but not when I'm really trying to use it.

The HiJackThis log is below. I hope to have time to work with you on this at the end of the month. Hope you can help.

Thanks again!

Ken

-------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:41:45 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
C:\WINDOWS\Explorer.EXE
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lantronix\Redirector\red32.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
F:\Programs\Sony Clie\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\Programs\Mozilla\Firrefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13525 bytes

#65 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 16 October 2007 - 10:00 AM

OK Ken,

If you get the extra RAM installed and let me know if it still performs badly, we'll take it from there. You have quite a few programs running on it, and still have Norton I see, but we'll work on it when you next are there. I'll leave this open. :thumbsup:

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#66 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 27 October 2007 - 01:51 PM

Hi Jedi ... IU'm here in Utah for a couple more days. Just installed the 2GB and it's working, but things are not better yet. Here's the latest HiJack This log ...

Hope you have some ideas ...

Ken

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:48:35 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
F:\Programs\Sony Clie\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\Programs\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
F:\Programs\Mozilla\Thunderbird\thunderbird.exe
F:\Programs\Mozilla\Firrefox\firefox.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13698 bytes

#67 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 27 October 2007 - 02:16 PM

Hi Ken,

Do Start > Run and type in chkdsk /f
If the command line says volumes are in use, do you wish to schedule for next restart, type Y and hit enter, then restart and allow the disk check to run.

Let me know if this helps.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#68 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 30 October 2007 - 01:24 PM

I tried it, and haven't noticed much difference. I'm no longer in Utah, and won't be back until the end of November. However, then we will be there for an extended period of time, so please leave this open. I'll post a new note when I get back to Utah.

Thanks, Jedi.

Ken

#69 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 30 October 2007 - 04:58 PM

OK,

I have an idea what may help. :thumbsup:

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#70 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 03 November 2007 - 05:29 PM

Thanks, Jedi ... you have me very curious! I can hardly wait to get back to Utah to fix that machine ... it will be the very last week of this month, if not a few days later. Thanks so much ... look forward to working with you on this ...

#71 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 04 November 2007 - 05:56 AM

OK, let me know when you're there.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#72 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 04 December 2007 - 02:52 PM

Hello Jedi! I am now here in Utah, and we will be here for most of the winter. I'm eager to work on the slow desktop.

Unfortunately there currently isn't a lot of snow, so I won't be skiing much for a while. Gives me a chance to catch up on m computers and stuff ...

Look forward to hearing from you!

Thanks

Ken

#73 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 04 December 2007 - 07:44 PM

By the way, here's the latest log ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:44:14 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
F:\Programs\Mozilla\Firrefox\firefox.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe
F:\Programs\Palm\HotSyncWizard.exe
F:\Programs\Palm\Hotsync.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13541 bytes

#74 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 06 December 2007 - 07:44 AM

Hi again Ken,

OK, let's have a look at what's going on:

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#75 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 06 December 2007 - 08:07 PM

Here we are ...http://www.pcpitstop.com/techexpress.asp?id=HUY8SWRMCXVSL0CV

Note that my drive is partitioned C: for Windows, F for applications, G for data, and H for photos and multimedia.

I'm still seeing the process services.exe using up a lot of CPU -- 40% or more -- and btwdins.exe another 30% or 40%. Total CPU use is currently 90-100%.

Still hangs and sluggish performance.

Thanks Jedi ... hope you can help!

Ken

Edited by Ken Jacobs, 06 December 2007 - 08:11 PM.


#76 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 08 December 2007 - 06:05 AM

Hi,

It looks like this could be a bluetooth process looking for a device (btwdins.exe), I've seen this cause services.exe to run high before. A secondary problem may well be your disk set-up, some of those partitions are quite full.
Have a read about opinions on the Kensington Bluetooth USB Adapter
http://www.tonyspenc...dapter-reviews/
I suspect this may be the primary cause of your problems. Do you really need it, could you find a replacement?

Open HiJackThis, click on the Misc Tools section > Open Uninstall Manager > Save List and post that list here.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#77 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 08 December 2007 - 03:26 PM

Hi Jedi! I think you've hit on a big improvement! I read the posts on the Bluetooth driver, and found that there was a new one here: http://us.kensington.../html/1492.html. I installed it fine, and it works. And it SEEMS to be working better. The two processes btdwins and services are running, but at ZERO (virtually) CPU! This could be the major thing that was wrong as you say. I want to keep working with the computer for a few days before I'm fully convinced, but I'm very optimistic!

Thanks for all your help so far ... I'm VERY impressed :) and very grateful :thumbup: !

Ken

Here's the HijackThis listing you asked for ...

Able2Extract Professional v4.0
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 8.1.1
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Agendus for Windows Palm Desktop Edition
Aspell English Dictionary-0.50-2
AudioEdit Deluxe
AXIS Media Control
CCleaner (remove only)
CDex extraction audio
Cisco Systems VPN Client 4.8.00.0440
Cisco VPN Client 4.8
Complete Audio Converter Pro 3.1.1
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Cypress USB Mass Storage Driver Installation
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DC6 USB Transfer
Dell ResourceCD
DeviceInstaller
'Diff Doc'
Documents To Go
DVD Decrypter (Remove Only)
DVD Profiler Version 2.0.0
DVD Shrink 3.1.6
Easy CD Creator 5 Basic
Easy Hi-Q Converter 1.0
FreshDiagnose
Gaim (remove only)
GNU Aspell 0.50-3
Google Earth
Google Toolbar for Internet Explorer
GTK+ Runtime 2.6.9 rev a (remove only)
Handmark® Scrabble® for Palm OS
HijackThis 2.0.0
Hotfix for Windows Media Player 11 (KB939683)
HP Install Network Printer Wizard
hp instant support
hp officejet d series - 3
HP Photo Printing Software
HP Share-to-Web
IE7pro
Integrity Client
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java™ SE Runtime Environment 6 Update 1
Lantronix Redirector
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Magic NetTrace 2.5.4
MARGI Presenter-to-Go
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Broadband Networking
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2003 Resource Kit
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mirra 2.00.0006
Mozilla Firefox (2.0.0.8)
Mozilla Thunderbird (1.5.0.13)
MS Export
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MVP
Napster
Network Magic
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.0
Omar Sharif Bridge
Oracle Web Conferencing Console
Paint Shop Pro 7
palmOne
PC Magazine Startup Cop Pro
PC Magazine TaskPower
PictureGear 4.4Lite
PodUtil 3.0.2
PowerDVD
PowerQuest PartitionMagic 8.0
ProntoEdit 4
QLink 3.3a
QLink 4.0
QLink 4.2
QLink 4.6
QLink 4.8
Quicken 2006
QuickTime
RealPlayer
RegCure 1.5.0.0
RokuRadioSnooper v2.18.01
Roxio Burn Engine
Santa Cruz
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Skype 3.0
Skype Plugin Manager
SlingPlayer
SmartSound Quicktracks Plugin
SoundCheck
SplashID
SplashID Standalone Installer
Spybot - Search & Destroy 1.4
Studio 8
Symantec AntiVirus
Symantec Antivirus 10.1.0
Tera Term Pro
The Tahiti Traveler
Tonto
Ufony
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
USB SM
USB Storage Adapter FX (SM1)
VisualMR
VisualMR
WebPoint
WIDCOMM Bluetooth Software
Windows Communication Foundation
Windows Driver Package - Pure Networks Address Resolution Protocol (ARP) Driver (11/09/2006 4.0.6313.0)
Windows Driver Package - Pure Networks NDIS Relay Protocol Driver (11/09/2006 4.0.6313.0)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
WinPcap 4.0
WinZip
WorldMate
XiVA MediaLoader 3.1
XiVA Producer 3.0
XiVA Server Utilities 2.0
Zinio Reader

#78 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 08 December 2007 - 07:37 PM

Jedi, things generally seem to be better, but I am still having some issues relating to re-installing sw. I don't want to bother you yet with those details, but I thought I'd send you the latest HT log ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:36:17 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\programs\Quicktime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spider.exe
F:\Programs\Mozilla\Thunderbird\thunderbird.exe
F:\Programs\Mozilla\Firrefox\firefox.exe
F:\Programs\SplashID\SplashID Desktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Palm\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programs\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programs\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programs\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FCC4-6ABE-4ECE-B524-9FB033B29323}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14628 bytes

#79 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 10 December 2007 - 04:04 AM

Hi again,

Glad to hear things have improved. Hopefully they should stay that way. I can't see anything else on the uninstall list that would be slowing things down. Your Java is out of date though, the latest one is:
http://www.java.com/...load/manual.jsp
here, Version 6 Update 3. When you've installed it, remove these:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java™ SE Runtime Environment 6 Update 1

via Add/Remove Programs, as leaving the older versions on your PC leaves it vulnerable.

I am still having some issues relating to re-installing sw.

Sorry, not quite with you there.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#80 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 04 January 2008 - 05:46 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button