• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
logan

PC turns sluggish 10min after start up(hijack log)

10 posts in this topic

At my wits end here.

 

I THOUGHT I had a problem with my Promise RAID SATA 150 TX2plus controller card.

 

Approximately 5 to 10 minutes after I start my computer, I get the following message "Promise RAID Message Agent has encountered problems and must shut down." Then I get the option of sending an error report. After this shuts down, my computer runs extremely sluggishly.

 

Things I've tried:

 

*Shutting down computer. Unplugging computer. Starting it up again.

 

*Updating driver: My drivers are current. So there was nothing to update.

 

*Unplugged computer. Removed RAID card and inserted it again.

 

*Tried System Restore. But "can't system restore your computer because no changes have been made"

 

Promise's Support person told me to uninstall the Promise Array Managment application. I did and the message stopped, but the computer still runs sluggishly.

 

My computer is running Windows XP

Pentium 4 CPU 3.2GHz

1GB RAM

 

I am also encountering this message:

"Generic Host Process for Win32 Services has encountered a problem and needs to close"

Both the RAID and Win32 problems arose at the same time about two months ago.

 

I have scanned for viruses. I have run Ad Aware. There ARE a couple of adware programs on my system (namely, Save, WeatherCast, WhenU) because I occasionally use a filesharing program . I never had problems with it in the past.

 

I've included my Hijack This log in the hopes that might help someone analyze my problem. Thanks in advance.

 

Logfile of HijackThis v1.97.7

Scan saved at 3:16:56 PM, on 5/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\Save\Save.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant

 

Updater\RuLaunch.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Documents and Settings\dell\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =

 

http://www.dellnet.com/

O1 - Hosts: 127.0.0.0 localhost

O1 - Hosts: 127.0.0.2 auditmypc.com

O1 - Hosts: 127.0.0.3 boards.cexx.org

O1 - Hosts: 127.0.0.4 bulletproofsoft.net

O1 - Hosts: 127.0.0.5 camtech2000.net

O1 - Hosts: 127.0.0.6 cexx.org

O1 - Hosts: 127.0.0.7 computercops.us

O1 - Hosts: 127.0.0.8 ct7support.com

O1 - Hosts: 127.0.0.9 doxdesk.com

O1 - Hosts: 127.0.0.20 kellys-korner-xp.com

O1 - Hosts: 127.0.0.21 kephyr.com

O1 - Hosts: 127.0.0.22 lavasoft.de

O1 - Hosts: 127.0.0.23 lavasoftusa.com

O1 - Hosts: 127.0.0.24 lurkhere.com

O1 - Hosts: 127.0.0.25 majorgeeks.com

O1 - Hosts: 127.0.0.26 merijn.org

O1 - Hosts: 127.0.0.27 mjc1.com

O1 - Hosts: 127.0.0.28 moosoft.com

O1 - Hosts: 127.0.0.29 mvps.org

O1 - Hosts: 127.0.0.30 net-integration.net

O1 - Hosts: 127.0.0.31 noadware.net

O1 - Hosts: 127.0.0.32 no-spybot.com

O1 - Hosts: 127.0.0.33 onlinepcfix.com

O1 - Hosts: 127.0.0.34 pchell.com

O1 - Hosts: 127.0.0.35 pestpatrol.com

O1 - Hosts: 127.0.0.36 safer-networking.org

O1 - Hosts: 127.0.0.37 secure.spykiller.com

O1 - Hosts: 127.0.0.38 secureie.com

O1 - Hosts: 127.0.0.39 security.kolla.de

O1 - Hosts: 127.0.0.40 spybot.info

O1 - Hosts: 127.0.0.41 spychecker.com

O1 - Hosts: 127.0.0.42 spychecker.com

O1 - Hosts: 127.0.0.43 spycop.com

O1 - Hosts: 127.0.0.44 spyguard.com

O1 - Hosts: 127.0.0.45 spykiller.com

O1 - Hosts: 127.0.0.46 spyware.co.uk

O1 - Hosts: 127.0.0.47 spyware-cop.com

O1 - Hosts: 127.0.0.48 spywareinfo.com

O1 - Hosts: 127.0.0.49 spywarenuker.com

O1 - Hosts: 127.0.0.50 spywareremove.com

O1 - Hosts: 127.0.0.51 spywareremove.com

O1 - Hosts: 127.0.0.52 stopzillapro.com

O1 - Hosts: 127.0.0.53 sunbelt-software.com

O1 - Hosts: 127.0.0.54 thiefware.com

O1 - Hosts: 127.0.0.55 tomcoyote.org

O1 - Hosts: 127.0.0.56 unwantedlinks.com

O1 - Hosts: 127.0.0.57 webattack.com

O1 - Hosts: 127.0.0.58 wilders.org

O1 - Hosts: 127.0.0.59 www.auditmypc.com

O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net

O1 - Hosts: 127.0.0.61 www.cexx.org

O1 - Hosts: 127.0.0.62 www.computercops.us

O1 - Hosts: 127.0.0.63 www.ct7support.com

O1 - Hosts: 127.0.0.64 www.doxdesk.com

O1 - Hosts: 127.0.0.65 www.eblocs.com

O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com

O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com

O1 - Hosts: 127.0.0.68 www.free-web-browsers.com

O1 - Hosts: 127.0.0.69 www.grc.com

O1 - Hosts: 127.0.0.70 www.grisoft.com

O1 - Hosts: 127.0.0.71 www.hackfaq.org

O1 - Hosts: 127.0.0.72 www.hazeleger.net

O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com

O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com

O1 - Hosts: 127.0.0.75 www.kephyr.com

O1 - Hosts: 127.0.0.76 www.lavasoft.de

O1 - Hosts: 127.0.0.77 www.lavasoftusa.com

O1 - Hosts: 127.0.0.78 www.lurkhere.com

O1 - Hosts: 127.0.0.79 www.majorgeeks.com

O1 - Hosts: 127.0.0.80 www.merijn.org

O1 - Hosts: 127.0.0.81 www.mjc1.com

O1 - Hosts: 127.0.0.82 www.moosoft.com

O1 - Hosts: 127.0.0.83 www.mvps.org

O1 - Hosts: 127.0.0.84 www.net-integration.net

O1 - Hosts: 127.0.0.85 www.noadware.net

O1 - Hosts: 127.0.0.86 www.no-spybot.com

O1 - Hosts: 127.0.0.87 www.onlinepcfix.com

O1 - Hosts: 127.0.0.88 www.pchell.com

O1 - Hosts: 127.0.0.89 www.pestpatrol.com

O1 - Hosts: 127.0.0.90 www.safer-networking.org

O1 - Hosts: 127.0.0.91 www.secureie.com

O1 - Hosts: 127.0.0.92 www.security.kolla.de

O1 - Hosts: 127.0.0.93 www.spybot.info

O1 - Hosts: 127.0.0.94 www.spychecker.com

O1 - Hosts: 127.0.0.95 www.spychecker.com

O1 - Hosts: 127.0.0.96 www.spycop.com

O1 - Hosts: 127.0.0.97 www.spyguard.com

O1 - Hosts: 127.0.0.98 www.spykiller.com

O1 - Hosts: 127.0.0.99 www.spyware.co.uk

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

 

C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

 

C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB}

 

- C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program

 

Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

 

Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround

 

Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program

 

Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator

 

5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft

 

Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common

 

Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

 

-atboottime

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared

 

Components\Guardian\CMGRDIAN.EXE" /SU

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe

 

-tray

O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg

O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScan\hpsjbmgr.exe

O4 - HKLM\..\Run: [MaxtorOneTouch]

 

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program

 

Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe"

 

/STARTMONITOR

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

 

Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

 

Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

 

Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &iSearch The Web -

 

res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

 

http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

 

http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update

 

Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

 

http://a1540.g.akamai.net/7/1540/52/200305.../bonnie/us/win/

 

QuickTimeInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

 

http://a840.g.akamai.net/7/840/537/2004033.../housecall/xsca

 

n53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

 

http://v4.windowsupdate.microsoft.com/CAB/...B?37926.8360185

 

185

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

 

Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

hijackthis.log

Share this post


Link to post
Share on other sites

You have a bunch of junk on there that isn't going to help matters.

 

Click here to download Spybot Search & Destroy - install, update, scan and fix all RED items it finds. Reboot when done.

 

Set your AAW up like this - before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

 

Reboot when done. Rescan with HJT and post a new log here so that any remnants can be removed manually.

Share this post


Link to post
Share on other sites

Thanks Daemon. I followed your instructions. The new Hijack log is below.

system:

2*Pentium 4 3200MHz

1.02 Gb (1 047 536 Kb) SDRAM

128MB DDR ATI Radeon 9800 Pro

Creative Audigy Audio Processor

Windows XP Home Edition U.S. English 5.1 (build 2600 Service Pack 1)

 

Logfile of HijackThis v1.97.7

Scan saved at 7:29:49 PM, on 5/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Documents and Settings\dell\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/

O1 - Hosts: 127.0.0.0 localhost

O1 - Hosts: 127.0.0.2 auditmypc.com

O1 - Hosts: 127.0.0.3 boards.cexx.org

O1 - Hosts: 127.0.0.4 bulletproofsoft.net

O1 - Hosts: 127.0.0.5 camtech2000.net

O1 - Hosts: 127.0.0.6 cexx.org

O1 - Hosts: 127.0.0.7 computercops.us

O1 - Hosts: 127.0.0.8 ct7support.com

O1 - Hosts: 127.0.0.9 doxdesk.com

O1 - Hosts: 127.0.0.20 kellys-korner-xp.com

O1 - Hosts: 127.0.0.21 kephyr.com

O1 - Hosts: 127.0.0.22 lavasoft.de

O1 - Hosts: 127.0.0.23 lavasoftusa.com

O1 - Hosts: 127.0.0.24 lurkhere.com

O1 - Hosts: 127.0.0.25 majorgeeks.com

O1 - Hosts: 127.0.0.26 merijn.org

O1 - Hosts: 127.0.0.27 mjc1.com

O1 - Hosts: 127.0.0.28 moosoft.com

O1 - Hosts: 127.0.0.29 mvps.org

O1 - Hosts: 127.0.0.30 net-integration.net

O1 - Hosts: 127.0.0.31 noadware.net

O1 - Hosts: 127.0.0.32 no-spybot.com

O1 - Hosts: 127.0.0.33 onlinepcfix.com

O1 - Hosts: 127.0.0.34 pchell.com

O1 - Hosts: 127.0.0.35 pestpatrol.com

O1 - Hosts: 127.0.0.36 safer-networking.org

O1 - Hosts: 127.0.0.37 secure.spykiller.com

O1 - Hosts: 127.0.0.38 secureie.com

O1 - Hosts: 127.0.0.39 security.kolla.de

O1 - Hosts: 127.0.0.40 spybot.info

O1 - Hosts: 127.0.0.41 spychecker.com

O1 - Hosts: 127.0.0.42 spychecker.com

O1 - Hosts: 127.0.0.43 spycop.com

O1 - Hosts: 127.0.0.44 spyguard.com

O1 - Hosts: 127.0.0.45 spykiller.com

O1 - Hosts: 127.0.0.46 spyware.co.uk

O1 - Hosts: 127.0.0.47 spyware-cop.com

O1 - Hosts: 127.0.0.48 spywareinfo.com

O1 - Hosts: 127.0.0.49 spywarenuker.com

O1 - Hosts: 127.0.0.50 spywareremove.com

O1 - Hosts: 127.0.0.51 spywareremove.com

O1 - Hosts: 127.0.0.52 stopzillapro.com

O1 - Hosts: 127.0.0.53 sunbelt-software.com

O1 - Hosts: 127.0.0.54 thiefware.com

O1 - Hosts: 127.0.0.55 tomcoyote.org

O1 - Hosts: 127.0.0.56 unwantedlinks.com

O1 - Hosts: 127.0.0.57 webattack.com

O1 - Hosts: 127.0.0.58 wilders.org

O1 - Hosts: 127.0.0.59 www.auditmypc.com

O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net

O1 - Hosts: 127.0.0.61 www.cexx.org

O1 - Hosts: 127.0.0.62 www.computercops.us

O1 - Hosts: 127.0.0.63 www.ct7support.com

O1 - Hosts: 127.0.0.64 www.doxdesk.com

O1 - Hosts: 127.0.0.65 www.eblocs.com

O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com

O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com

O1 - Hosts: 127.0.0.68 www.free-web-browsers.com

O1 - Hosts: 127.0.0.69 www.grc.com

O1 - Hosts: 127.0.0.70 www.grisoft.com

O1 - Hosts: 127.0.0.71 www.hackfaq.org

O1 - Hosts: 127.0.0.72 www.hazeleger.net

O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com

O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com

O1 - Hosts: 127.0.0.75 www.kephyr.com

O1 - Hosts: 127.0.0.76 www.lavasoft.de

O1 - Hosts: 127.0.0.77 www.lavasoftusa.com

O1 - Hosts: 127.0.0.78 www.lurkhere.com

O1 - Hosts: 127.0.0.79 www.majorgeeks.com

O1 - Hosts: 127.0.0.80 www.merijn.org

O1 - Hosts: 127.0.0.81 www.mjc1.com

O1 - Hosts: 127.0.0.82 www.moosoft.com

O1 - Hosts: 127.0.0.83 www.mvps.org

O1 - Hosts: 127.0.0.84 www.net-integration.net

O1 - Hosts: 127.0.0.85 www.noadware.net

O1 - Hosts: 127.0.0.86 www.no-spybot.com

O1 - Hosts: 127.0.0.87 www.onlinepcfix.com

O1 - Hosts: 127.0.0.88 www.pchell.com

O1 - Hosts: 127.0.0.89 www.pestpatrol.com

O1 - Hosts: 127.0.0.90 www.safer-networking.org

O1 - Hosts: 127.0.0.91 www.secureie.com

O1 - Hosts: 127.0.0.92 www.security.kolla.de

O1 - Hosts: 127.0.0.93 www.spybot.info

O1 - Hosts: 127.0.0.94 www.spychecker.com

O1 - Hosts: 127.0.0.95 www.spychecker.com

O1 - Hosts: 127.0.0.96 www.spycop.com

O1 - Hosts: 127.0.0.97 www.spyguard.com

O1 - Hosts: 127.0.0.98 www.spykiller.com

O1 - Hosts: 127.0.0.99 www.spyware.co.uk

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE" /SU

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg

O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScan\hpsjbmgr.exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7926.8360185185

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

hijackthis2.txt

Share this post


Link to post
Share on other sites

Could you click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'. Reboot when done.

 

Create a new folder called C:\HijackThis, move the HijackThis.exe file into the new folder and run it from there. This is necessary to ensure you have backups should anything go wrong.

 

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries (if still there) by checking the box to the left and clicking 'fixed checked':

 

All the O1 entries

 

O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg

 

Reboot when done, rescan with HJT and post a new log here for a final check over.

Share this post


Link to post
Share on other sites

CWShredder took care of a few things I didn't even know I had. Thanks. Here's the new log. The sluggishness remains however. So too does this error: Generic Host Process for Win32 Services has encountered a problem and needs to close.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:07:01 AM, on 6/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE" /SU

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScan\hpsjbmgr.exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &iSearch The Web -

res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52/200305...m/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...om/housecall/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...AB?37926.8360185185

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Your log is clean now so malware isn't the problem.

 

Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. Repeat for all log-in accounts on your computer.

 

If it's still the same, could you try disconnecting your peripherals, scanners etc to see if one of those is the cause of the error message.

Share this post


Link to post
Share on other sites

Yes, I routinely clear out those files. I also should have mentioned earlier that I've removed various peripherals to see if that had any effect. It had none.

 

I have backups of everything and I am seriously leaning towards reformatting the drive and starting over. Do you think that's an appropriate action at this point? Or is it too drastic?

 

EDIT: By the way, Daemon, I want to thank you for all your help so far. I really appreciate it.

Edited by logan

Share this post


Link to post
Share on other sites

Still feels a bit drastic at the moment. Whilst it's running sluggishly, have a look via Task Manager to see what processes are using the cpu/memory. Have you tried using msconfig and working through your loaded applications, disabling them to see if that helps? Does the problem occur when online or at anytime? Do you get any other details when it wants to close that process - filename etc?

Share this post


Link to post
Share on other sites

Disabled language toolbar via control panel.

Disabled a few rather useless programs that loaded on start up.

System seems to be running a lot more smoothly. I will know for sure tomorrow.

 

The odd thing is that even when the computer was audibly chugging along, the Task Manager CPU performance registered consistently between 5 and 15 percent. According to Task Manager Processes window, usage of the CPU and memory is very low.

Share this post


Link to post
Share on other sites

UPDATE:

And of course the problem remains.

 

Generic Host Process for Win32 Services has encountered a problem and needs to close.

szAppName : szAppVer : 0.0.0.0 szModName : unknown

szModVer : 0.0.0.0 offset : 00000000

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0