WindowsXP computer running VERY slow. - Page 2

Seadog · 05-01-2005, 05:28 PM

Thank you for your continued help!! Please see items below.

1) Here is my TDS-3 log: (there was nothing in the "alarms" window)

09:56:40 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
09:56:40 [Init] Started 01-05-05 09:56:40 (UTC: 5), Internet Time @622.69
09:56:40 [Init] Loading TDS-3 Systems ...
09:56:40 [Init] Token successfully adjusted.
09:56:40 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
09:56:42 [Init] • Plugins : OK. Loaded 13
09:56:43 [Init] • Exec Protection : Not Installed
09:56:43 [Init] WARNING: Your Radius.TD3 database needs to be updated!
09:56:43 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
09:56:43 [Init] Licensed users can use the Update facility from the TDS menu
09:56:43 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
09:57:00 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
09:57:00 [Init] • Systems Initialised [53638 references - 27561 primaries/13851 traces/12226 variants/other]
09:57:00 [Init] Radius Systems loaded. <Databases updated 01-05-2005>
09:57:01 [Init] TDS-3 Ready. <Scott seaman@70.187.219.175, 127.0.0.1 - ??>
09:57:01 [Tip Of The Day] Did you know? - TDS-3 is the only anti-trojan system that can detect trojans by scanning for the memory-resident mutexes that they use.
09:57:01 [Init] NOTICE A change has been detected in the autostart registry. Press Ctrl+A to view the autostart registry
09:57:01 [TDS] Good morning Scott seaman.
09:57:17 [Mutex Memory Scan] Started...
09:57:19 [Mutex Memory Scan] Finished (no trojan mutexes found).
09:57:19 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
09:57:31 [CRC32] Started - verifying 29 files ...
09:57:35 [CRC32] Test finished.
10:01:06 [Memory Scan] Memory scan started, please wait a moment ...
10:01:11 [Memory Scan] Memory scan complete.
10:01:11 [Mutex Memory Scan] Started...
10:01:13 [Mutex Memory Scan] Finished (no trojan mutexes found).
10:01:13 [Trace Scan] Started...
10:01:26 [Trace Scan] Finished.
10:01:26 [ServiceScan] Scanning for services and drivers ...
10:01:33 [ServiceScan] Scanned 320 services and drivers.
10:01:33 [File Scan] Scanning in A:\ ...
10:02:01 [File Scan] Scanned 4 files: 0 alarms in 27.83203 seconds (Avg 1.14 files/sec)
10:02:01 [File Scan] Scanning in C:\ ...
11:05:03 [File Scan] Scanned 55818 files: 0 alarms in 3781.027 seconds (Avg 15.76 files/sec)
11:05:03 [File Scan] Scanning in D:\ ...
11:05:03 [File Scan] Scanned 0 files: 0 alarms in 1.953125E-02 seconds (Avg 1. files/sec)
11:05:03 [Scan] Finished.
11:25:27 [TDS] Good morning Scott seaman.

2) I ran all four of the scans you suggested. I only got one virus warning, and this was when I scanned with Panda ActiveScan. The info I was able to get on this is below:

Incident Status Location

Adware:Adware/ExactSearch No disinfected Windows Registry

Common name: ExactSearch

Technical name: Adware/ExactSearch

Threat level: Low

Alias: eXactSearchbar, NaviSearch, Exact Searchbar

Type: Spyware

Subtype: Adware

Effects:
It collects information on Internet usage and the applications installed in the computer and uses it to display pop-up advertisements.

Affected platforms: Windows XP/2000/NT/ME/98/95

First appeared on: Aug. 12, 2004

In circulation? No

Brief Description

ExactSearchis an adware.

Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc.

Then, this information can be sent to Internet advertising companies.

3) I uninstalled the printer, the camera, and MS Messenger. I rebooted the computer and hoped that all would be well. Alas, it was just as slow, perhaps even slower (!) after I uninstalled these things as when they were on the computer!!

I have one question related to this. Could it be that I have too many anti-virus programs on my computer and running at the same time? I have heard that sometimes anti-virus programs don't get along very well and can often treat each other as enemies rather than allies. I think I have McAfee, eTrust PestPatrol, and CounterSpy all running simultaneously. This means that one, two, or all of these are often trying to get updates, and this might be slowing down things, especially during the boot-up phase, which seems to take forever these days. (I usually turn on the computer, and then walk away and do other tasks around the house before checking it again. If I sit in front of the computer while it is taking so long to boot, I start to think about turning my computer into a doorstop.) Should I consider uninstalling these things as well??

4) Fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:21:03 PM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: ?y?[?W?|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The?|?o_?y?[?W?|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The?|?o_?≪?‘?Q?A - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The?|?o_”I?I?w’e?|?o - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The?|?o_?|?o?Y’e - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: ?‘??BOX - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: ?≪?‘ET° - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll
O9 - Extra button: ?|?oET° - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll
O9 - Extra button: Yahoo! ???b?Z?“?W???| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe
O9 - Extra 'Tools' menuitem: Yahoo! ???b?Z?“?W???| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/r...1/isetupml.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (32U?ET?A° On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

My fear, of course, is that we will finally get all the bad guys cleaned off my computer, but it will still be as slow as before, indicating a differnet sort of problem. Ah, technology is so fun!

Thank you!!!!!

tinag · 05-04-2005, 06:43 AM

Your logs look clean. There are some deeper-digging tools we can try later, but let's change tactics briefly.

It's entirely possible that having multiple antispyware programs running simultaneously could cause a slowdown, especially depending on how intensive each realtime scan is. You might try getting rid of either CounterSpy or PestPatrol to see how much that helps. (If it's convenient to completely uninstall one of them, go all the way with it.) That should speed both startup and operation.

Another thing we can do is disable some of your other startup items, as you have quite a lot of them. (We won't delete them, just keep them from running automatically; you can always run the programs when you need them.)

I've done a little research to help you make these decisions -- the information is included in the list below. Some items don't need to be run at startup at all -- they'll automatically run later if you try to use an application that uses them. (Messenger, for example.) Others need to be run at startup if you're going to use them, but otherwise should be turned off. Several of the items on your list are language-related, and what I've read indicates that they don't need to run at startup -- I've indicated them separately, though, if you don't want to disable them the first time out.

In any case, if you feel you need some of them when you start up the machine, then don't fix those particular ones.

Open Hijack This and click Scan. If they still exist -- and some might not -- check the following entries:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (language related)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (language related)
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (language related)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (This is for the front buttons on your laptop: play, stop, next, prev. Leave this alone if you use those buttons; fix otherwise.)
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe (This is Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) Leave this alone if you use those keys; fix otherwise.)
O4 - HKLM\..\Run: [nwiz] nwiz.exe (This is associated with nVidia graphics cards drivers. It lets you optimize and set preferences for desktop layouts but isn't necessary. Leave this alone if you use that functionality; fix otherwise.)
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (This is TouchPad On/Off Utility on a Toshiba laptop. Leave this alone if you use the on/off; fix otherwise)
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe (This is Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen – LCD, LCD + CRT, CRT, TV. Leave this alone if you use this functionality; fix otherwise.)
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (language related)
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART (not necessary at startup)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (not necessary at startup)
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe (Money reminders. Leave it alone if you use the reminder service; fix otherwise.)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (not necessary at startup)

Please close all other windows, including browsers, then click Fix checked.

Restart your computer. If you choose to make these changes in increments, that's fine -- just restart after each wave of fixes. After the final restart, run a new (unanalyzed) HijackThis log and post it here, and let us know whether things have sped up at all.

Seadog · 05-04-2005, 09:04 PM

Thank you!!!

I don't have time to try this tonight, but will probably be able to do so tomorrow night. I am a little reluctant to mess with the language functions on my computer, so will start with the other things and see if that improves boot-up speed, processing speed, etc.

More later!!!

Seadog · 05-05-2005, 07:06 PM

Hi! I uninstalled CounterSpy completely. I also got rid of many of the programs that ran every time I booted up the computer, but left the language-related ones for now. I had a really bad experience about a year and a half ago when I accidently messed up the language settings, and I couldn't read anything on the computer. This made fixing the problem a nightmare, because I couldn't tell from any of the pull-down menus what I was looking at or choosing!! I would rather have my computer run a little slow than mess up the language settings again.

After doing all of the things above, my computer appears to have speeded up a bit. It is hard to tell how much.

A new HijackThis! log is below. If this looks clean, but you think there might be more we can do to clean up my computer even more, please let me know.

Thank you!!

Logfile of HijackThis v1.99.1
Scan saved at 7:19:48 PM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: ?y?[?W?|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The?|?o_?y?[?W?|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The?|?o_?≪?‘?Q?A - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The?|?o_”I?I?w’e?|?o - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The?|?o_?|?o?Y’e - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: ?‘??BOX - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: ?≪?‘ET° - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll
O9 - Extra button: ?|?oET° - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll
O9 - Extra button: Yahoo! ???b?Z?“?W???| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe
O9 - Extra 'Tools' menuitem: Yahoo! ???b?Z?“?W???| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/r...1/isetupml.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (32U?ET?A° On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

tinag · 05-06-2005, 06:52 AM

Well, I'm glad those steps showed you some progress. I'm sure there's more that can be pursued on the system optimization side, too (if you haven't defragged lately, that might be something to consider), but let's finish ruling out malware first before you start that.

Your HijackThis log is clean. Now we're going to run a couple of advanced tools that'll show us well-hidden nasties. As always, print out these instructions so you have them for your reference, and read everything before proceeding so you can ask questions in advance if necessary..

Right-click on http://www.silentrunners.org/Silent%20Runners.vbs, choose Save As..., and save it to your desktop. Make sure you have disabled any programs that may block/disable scripts (like your anti-virus or anti-spyware programs -- if you're going to disable these, then disconnect from the Internet for this step). Double-click Silent Runners to run it. This will take a few minutes, and will create a file called "Startup Programs" followed by your computer name and current date. Open up that file and post all its contents here in your next post.

Download StartDreck. (If you have trouble downloading it, right-click on the link, select Save Target As... and select a location to save it.)
Unzip into its own folder and start the program:
Click Config and Mark All. Then uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Click OK.

Click Save and select the location to save the log file (default is the same folder as the application). When it's done, post the log in this thread.

These logs can be pretty long, so you may have to split them across a couple of posts -- that's okay.

Also, can you give us some system specs? Let us know what kind of processor you've got, how big your hard drive is and how much space is available on it, and how much RAM you have.

Tina

Seadog · 05-07-2005, 09:34 PM

As usual - Thanks!!!!

Yes, my computer does seem to be running faster than before. And by the way, I defragged my hard drive.

1) Here is my Silent Runners log:

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"00THotkey" = "C:\WINDOWS\System32\00THotkey.exe" ["（株）東芝"]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"TcmTray" = (no data)
"Tpwrtray" = "TPWRTRAY.EXE" ["TOSHIBA Corporation"]
"MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"imjpmig" = "C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload" [MS]
"IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS]
"ADUserMon" = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]
"Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"LXSUPMON" = "C:\WINDOWS\system32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "ディスプレイパン CPL 拡張"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{880E1C60-DBEB-11D3-A4C4-A58C7193AA36}" = "CyberScrub Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\CYBERS~1\cybshell.dll" ["CyberScrub LLC"]

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Scott Seaman\Local Settings\Application Data\Microsoft\Wallpaper2.bmp"

Startup items in "Scott Seaman" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]
"QuickShelf" -> shortcut to: "C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe" [MS]

Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (SEAMAN-FAMILY-Rumi Seaman)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (SEAMAN-FAMILY-Scott Seaman)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}"
-> {CLSID}\(Default) = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\
-> {CLSID}\(Default) = "**BOX" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{964174A0-BDB5-11D5-A8FD-00065B1FF8EA}\
(Default) = "The**_****(&X)" (unwritable string)
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\TTI_V6_LE\IeTbandTate.dll" [null data]

HKLM\Software\Classes\CLSID\{964174A2-BDB5-11D5-A8FD-00065B1FF8EA}\
(Default) = "The**_****(&Z)" (unwritable string)
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\TTI_V6_LE\IeTbandYoko.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2A8DA722-A2E3-11D5-A8FD-00065B1FF8EA}\
"ButtonText" = "ページ翻訳"
"MenuText" = "The翻訳_ページ翻訳"
"Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm" [null data]

{2A8DA725-A2E3-11D5-A8FD-00065B1FF8EA}\
"MenuText" = "The翻訳_辞書参照"
"Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm" [null data]

{2A8DA726-A2E3-11D5-A8FD-00065B1FF8EA}\
"MenuText" = "The翻訳_範囲指定翻訳"
"Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm" [null data]

{2A8DA728-A2E3-11D5-A8FD-00065B1FF8EA}\
"MenuText" = "The翻訳_翻訳設定"
"Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm" [null data]

{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "資料BOX"

{964174A1-BDB5-11D5-A8FD-00065B1FF8EA}\
"ButtonText" = "辞書ﾊﾞｰ"

{964174A3-BDB5-11D5-A8FD-00065B1FF8EA}\
"ButtonText" = "翻訳ﾊﾞｰ"

{CEBF73C0-BA2E-11D4-A73A-00508B33FB82}\
"ButtonText" = "Yahoo! メッセンジャ－"
"MenuText" = "Yahoo! メッセンジャ－"
"Exec" = "C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe" ["Yahoo! Japan"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["McAfee, Inc"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

2) Here is my StartDreck log:

StartDreck (build 2.1.7 public stable) - 2005-05-07 @ 23

31 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Scott Seaman at SEAMAN-FAMILY

≫Registry
≫Run Keys
≫Current User
≫Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
≫RunOnce
≫Default User
≫Run
*ctfmon.exe=ctfmon.exe
≫RunOnce
≫Local Machine
≫Run
*IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
*PHIME2002ASync=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
*PHIME2002A=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
*00THotkey=C:\WINDOWS\System32\00THotkey.exe
*NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
*Apoint=C:\Program Files\Apoint2K\Apoint.exe
*TcmTray=
*Tpwrtray=TPWRTRAY.EXE
*MSPY2002=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
*imjpmig=C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
*IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
*ADUserMon=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
*Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
*ezShieldProtector for Px=C:\WINDOWS\System32\ezSP_Px.exe
*VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
*VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
*MPFExe=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
*LXSUPMON=C:\WINDOWS\system32\LXSUPMON.EXE RUN
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
≫RunOnce
≫RunServices
≫RunServicesOnce
≫RunOnceEx
≫RunServicesOnceEx
≫File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
≫Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+アドレス帳 6
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows デスクトップのアップデートコンポーネント
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
≫Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
≫Internet Explorer
≫Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=
*Start Page=http://www.cnn.com/
+SearchUrl
*provider=
≫Default User
*Start Page=http://dynabook.com/
≫Local Machine
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=
*Search Page=
*Start Page=http://www.cnn.com/
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
≫ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
≫Special NT Values
≫Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
≫Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
≫Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
≫Files
≫Autostart Folders
≫Current User
*C:\Documents and Settings\Scott Seaman\スタートメニュー\プログラム\スタートアップ\desktop.ini
≫Default User
*C:\WINDOWS\system32\config\systemprofile\スタートメニュー\プログラム\スタートアップ\desktop.ini
≫Local Machine
*C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\desktop.ini
*C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\Microsoft Office.lnk
*C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\NkvMon.exe.lnk
*C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\QuickShelf.lnk
≫INI-Files
≫WIN.INI\[windows]
*LOAD=
*RUN=
≫SYSTEM.INI\[boot]
*SHELL=Explorer.exe
≫Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
`Files=50
`Buffers=30
*C:\WINDOWS\system32\config.nt
`EMM=RAM
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`devicehigh=%SystemRoot%\system32\ntfont.sys
`devicehigh=%SystemRoot%\system32\font_win.sys
`devicehigh=%SystemRoot%\system32\$disp.sys /hs=%HardwareScroll%
`devicehigh=%SystemRoot%\system32\disp_win.sys
`devicehigh=%SystemRoot%\system32\kkcfunc.sys
`files=40
`device=%SystemRoot%\system32\MSIMEK.SYS /A1
`devicehigh=%SystemRoot%\system32\MSIMEI.SYS /D*%SystemRoot%\system32\MSIMER.DIC /D%SystemRoot%\system32\MSIME.DIC /C1 /N /A1
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[rename]
`NUL=C:\WINDOWS\System32\bdle4012.exe
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\WELCOME.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\PROTECT.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\PROPWIN.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\JAZTHANK.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\CTL3D.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\51AB0E.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_SETUP.LIB
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\WELCOME.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\PROTECT.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\PROPWIN.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\JAZTHANK.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\CTL3D.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\4F7927.DLL
*C:\WINDOWS\winstart.bat
`@C:\WINDOWS\tmpcpyis.bat
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
≫Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
≫%PATH% Companion Files
+C:\WINDOWS\system32\TASKMGR.COM
*C:\WINDOWS\system32\taskmgr.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
+C:\WINDOWS\REGEDIT.COM
*C:\WINDOWS\regedit.exe
≫System/Drivers
≫Running Processes
+0=<idle>
+4=<system>
+552=\SystemRoot\System32\smss.exe
+616=\??\C:\WINDOWS\system32\csrss.exe
+640=\??\C:\WINDOWS\system32\winlogon.exe
+684=C:\WINDOWS\system32\services.exe
+696=C:\WINDOWS\system32\lsass.exe
+848=C:\WINDOWS\system32\svchost.exe
+924=C:\WINDOWS\system32\svchost.exe
+1024=C:\WINDOWS\System32\svchost.exe
+1084=C:\WINDOWS\System32\svchost.exe
+1276=C:\WINDOWS\System32\svchost.exe
+1404=C:\WINDOWS\system32\LEXBCES.EXE
+1432=C:\WINDOWS\system32\spoolsv.exe
+1448=C:\WINDOWS\system32\LEXPPS.EXE
+1652=C:\PROGRA~1\Iomega\System32\AppServices.exe
+1672=c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
+1692=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+1772=C:\WINDOWS\System32\nvsvc32.exe
+1820=C:\WINDOWS\System32\svchost.exe
+1884=C:\WINDOWS\system32\wdfmgr.exe
+1984=C:\Program Files\Iomega\AutoDisk\ADService.exe
+216=c:\PROGRA~1\mcafee.com\vso\mcshield.exe
+396=C:\WINDOWS\System32\alg.exe
+1324=C:\WINDOWS\Explorer.EXE
+132=C:\WINDOWS\System32\00THotkey.exe
+1052=C:\Program Files\Apoint2K\Apoint.exe
+1136=C:\WINDOWS\system32\TPWRTRAY.EXE
+1584=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
+1064=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
+1268=C:\Program Files\Apoint2K\Apntex.exe
+1224=C:\WINDOWS\System32\ezSP_Px.exe
+2072=C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
+2080=C:\PROGRA~1\mcafee.com\agent\mcagent.exe
+2200=C:\WINDOWS\system32\conime.exe
+2208=c:\progra~1\mcafee.com\vso\mcvsescn.exe
+2300=C:\WINDOWS\system32\LXSUPMON.EXE
+2316=C:\WINDOWS\system32\ctfmon.exe
+2520=C:\Program Files\Nikon\NkView6\NkvMon.exe
+2568=C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe
+3104=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
+3140=C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
+3084=C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
+3736=C:\Program Files\Internet Explorer\iexplore.exe
+3596=C:\StartDreck\StartDreck\StartDreck.exe
≫VMM32Files (LM)
≫%System%\VMM32
≫%System%\IOSUBSYS
≫Application specific
≫MS Office 97/8.0 STARTUP-PATH
≫Current User
≫Default User
≫Local Machine
≫ICQ NetDetect
≫Current User
≫Default User

3) As for specs, I'll give it my best shot. (I have really never looked at any of this!!)

Processor: Mobile Intel Celeron Processor 1.50GHz
HDD: 40GB
Space available: 6.14GB (It has always baffled me that I only have this much space available. I don't think I have anything on my computer that should be taking up this much space. Probably the biggest stuff I had on it at one time was all of my graduate school junk, but I took all that off. I have had other people look at my computer and comment that I don't have much space available, especially in light of the fact that I have only pretty basic stuff on my computer.)
RAM: 256MB

How does all of this look??

I'm going to bed now. Thanks so much!

tinag · 05-08-2005, 09:57 AM

I'm glad you've seen some progress by working on the system, because those logs both look clean.

It might be time for you to take your query to the Windows XP board and see if you can get any other optimization suggestions from the experts there. (Let them know that you've been cleared on the HJT board so they don't try to send you back over here.) It seems to me that you're running quite a lot for a computer that doesn't have a lot of RAM, but that's not an authoritative opinion.

It does seem a little strange that you don't have much disk space left if you don't have much installed there. I know you've already run the CleanUp! utility, so you gained some space there. Running that occasionally will help keep disk space free.

On the other hand, the OS itself takes up some space, and you do have quite a few applications installed, and it doesn't take long to eat up space that way. Maybe you have some other data files lying about that could be archived to disk? You might also consider uninstalling programs you're not using -- I don't know if you actually use that Toshiba translation program we talked about, but if not, that's something that can go that would free up both space and resources. Windows Disk Cleanup (Start > Programs > Accessories > System Tools > Disk Cleanup) might help you eliminate a few unnecessary items.

On the malware front, though, you're clean. We've already taken care of the usual end-of-fix housekeeping, and I know you're already running some antimalware protection, but I'll leave you with this tutorial on prevention anyway.

Good luck in the next stage!

Seadog · 05-09-2005, 09:45 PM

Thanks!!! I think I will take a break for now and maybe come back later to the Windows XP board for more help. But, my computer is running better, and I think we have cleaned off lots of crud! You are the best! Thanks so much for sticking with me and not giving up!! My wife is happy, too, and thinks I am wonderful (at least for the next day or two). Have a good week!

05-04-2005, 06:43 AM	#22 (permalink)
tinag Join Date: Mar 2005 Location: VT (via NL and TO) Posts: 341 OS: WinXP SP2 Pro and Home	Your logs look clean. There are some deeper-digging tools we can try later, but let's change tactics briefly. It's entirely possible that having multiple antispyware programs running simultaneously could cause a slowdown, especially depending on how intensive each realtime scan is. You might try getting rid of either CounterSpy or PestPatrol to see how much that helps. (If it's convenient to completely uninstall one of them, go all the way with it.) That should speed both startup and operation. Another thing we can do is disable some of your other startup items, as you have quite a lot of them. (We won't delete them, just keep them from running automatically; you can always run the programs when you need them.) I've done a little research to help you make these decisions -- the information is included in the list below. Some items don't need to be run at startup at all -- they'll automatically run later if you try to use an application that uses them. (Messenger, for example.) Others need to be run at startup if you're going to use them, but otherwise should be turned off. Several of the items on your list are language-related, and what I've read indicates that they don't need to run at startup -- I've indicated them separately, though, if you don't want to disable them the first time out. In any case, if you feel you need some of them when you start up the machine, then don't fix those particular ones. Open Hijack This and click Scan. If they still exist -- and some might not -- check the following entries: O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (language related) O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (language related) O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (language related) O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (This is for the front buttons on your laptop: play, stop, next, prev. Leave this alone if you use those buttons; fix otherwise.) O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe (This is Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) Leave this alone if you use those keys; fix otherwise.) O4 - HKLM\..\Run: [nwiz] nwiz.exe (This is associated with nVidia graphics cards drivers. It lets you optimize and set preferences for desktop layouts but isn't necessary. Leave this alone if you use that functionality; fix otherwise.) O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (This is TouchPad On/Off Utility on a Toshiba laptop. Leave this alone if you use the on/off; fix otherwise) O4 - HKLM\..\Run: [TFNF5] TFNF5.exe (This is Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen – LCD, LCD + CRT, CRT, TV. Leave this alone if you use this functionality; fix otherwise.) O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (language related) O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART (not necessary at startup) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (not necessary at startup) O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe (Money reminders. Leave it alone if you use the reminder service; fix otherwise.) O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (not necessary at startup) *Please close all other windows, including browsers, then click Fix checked.* Restart your computer. If you choose to make these changes in increments, that's fine -- just restart after each wave of fixes. After the final restart, run a new (unanalyzed) HijackThis log and post it here, and let us know whether things have sped up at all. __________________ Have TSF volunteers helped you? Please consider helping TSF by subscribing or donating. Thanks!

05-06-2005, 06:52 AM	#25 (permalink)
tinag Join Date: Mar 2005 Location: VT (via NL and TO) Posts: 341 OS: WinXP SP2 Pro and Home	Well, I'm glad those steps showed you some progress. I'm sure there's more that can be pursued on the system optimization side, too (if you haven't defragged lately, that might be something to consider), but let's finish ruling out malware first before you start that. Your HijackThis log is clean. Now we're going to run a couple of advanced tools that'll show us well-hidden nasties. As always, print out these instructions so you have them for your reference, and read everything before proceeding so you can ask questions in advance if necessary.. Right-click on http://www.silentrunners.org/Silent%20Runners.vbs, choose Save As..., and save it to your desktop. Make sure you have disabled any programs that may block/disable scripts (like your anti-virus or anti-spyware programs -- if you're going to disable these, then disconnect from the Internet for this step). Double-click Silent Runners to run it. This will take a few minutes, and will create a file called "Startup Programs" followed by your computer name and current date. Open up that file and post all its contents here in your next post. Download StartDreck. (If you have trouble downloading it, right-click on the link, select Save Target As... and select a location to save it.) Unzip into its own folder and start the program: Click Config and Mark All. Then uncheck the following boxes only: System/Running Process -> List Modules System/Drivers -> NT Services System/Drivers -> NT Kernel- and FS-drivers Click OK. Click Save and select the location to save the log file (default is the same folder as the application). When it's done, post the log in this thread. These logs can be pretty long, so you may have to split them across a couple of posts -- that's okay. Also, can you give us some system specs? Let us know what kind of processor you've got, how big your hard drive is and how much space is available on it, and how much RAM you have. Tina __________________ Have TSF volunteers helped you? Please consider helping TSF by subscribing or donating. Thanks!

05-07-2005, 09:34 PM	#26 (permalink)
Seadog Registered User Join Date: Apr 2005 Posts: 15 OS: WinXP	As usual - Thanks!!!! Yes, my computer does seem to be running faster than before. And by the way, I defragged my hard drive. 1) Here is my Silent Runners log: "Silent Runners.vbs", revision 36, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "00THotkey" = "C:\WINDOWS\System32\00THotkey.exe" ["（株）東芝"] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."] "TcmTray" = (no data) "Tpwrtray" = "TPWRTRAY.EXE" ["TOSHIBA Corporation"] "MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "imjpmig" = "C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload" [MS] "IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS] "ADUserMon" = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"] "Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"] "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."] "VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."] "VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "LXSUPMON" = "C:\WINDOWS\system32\LXSUPMON.EXE RUN" ["Lexmark International Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "ディスプレイパン CPL 拡張" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."] "{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."] "{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{880E1C60-DBEB-11D3-A4C4-A58C7193AA36}" = "CyberScrub Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\CYBERS~1\cybshell.dll" ["CyberScrub LLC"] Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Enabled Wallpaper and Active Desktop: ------------------------------------- Active Desktop is disabled. HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Scott Seaman\Local Settings\Application Data\Microsoft\Wallpaper2.bmp" Startup items in "Scott Seaman" & "All Users" startup folders: -------------------------------------------------------------- C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"] "QuickShelf" -> shortcut to: "C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe" [MS] Enabled Scheduled Tasks: ------------------------ "McAfee.com Update Check (SEAMAN-FAMILY-Rumi Seaman)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"] "McAfee.com Update Check (SEAMAN-FAMILY-Scott Seaman)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BA52B914-B692-46C4-B683-905236F6F655}" -> {CLSID}\(Default) = "McAfee VirusScan" -> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {9455301C-CF6B-11D3-A266-00C04F689C50}\ -> {CLSID}\(Default) = "BOX" (unwritable string) -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{964174A0-BDB5-11D5-A8FD-00065B1FF8EA}\ (Default) = "The_**(&X)" (unwritable string) Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\TTI_V6_LE\IeTbandTate.dll" [null data] HKLM\Software\Classes\CLSID\{964174A2-BDB5-11D5-A8FD-00065B1FF8EA}\ (Default) = "The_***(&Z)" (unwritable string) Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\TTI_V6_LE\IeTbandYoko.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2A8DA722-A2E3-11D5-A8FD-00065B1FF8EA}\ "ButtonText" = "ページ翻訳" "MenuText" = "The翻訳_ページ翻訳" "Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm" [null data] {2A8DA725-A2E3-11D5-A8FD-00065B1FF8EA}\ "MenuText" = "The翻訳_辞書参照" "Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm" [null data] {2A8DA726-A2E3-11D5-A8FD-00065B1FF8EA}\ "MenuText" = "The翻訳_範囲指定翻訳" "Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm" [null data] {2A8DA728-A2E3-11D5-A8FD-00065B1FF8EA}\ "MenuText" = "The翻訳_翻訳設定" "Script" = "C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm" [null data] {9455301C-CF6B-11D3-A266-00C04F689C50}\ "ButtonText" = "資料BOX" {964174A1-BDB5-11D5-A8FD-00065B1FF8EA}\ "ButtonText" = "辞書ﾊﾞｰ" {964174A3-BDB5-11D5-A8FD-00065B1FF8EA}\ "ButtonText" = "翻訳ﾊﾞｰ" {CEBF73C0-BA2E-11D4-A73A-00508B33FB82}\ "ButtonText" = "Yahoo! メッセンジャ－" "MenuText" = "Yahoo! メッセンジャ－" "Exec" = "C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe" ["Yahoo! Japan"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"] Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."] McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["McAfee, Inc"] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ---------- This report excludes default entries except where indicated. To see everywhere* the script checks and everything it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- 2) Here is my StartDreck log: StartDreck (build 2.1.7 public stable) - 2005-05-07 @ 2331 (GMT -04:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Scott Seaman at SEAMAN-FAMILY ≫Registry ≫Run Keys ≫Current User ≫Run ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe ≫RunOnce ≫Default User ≫Run ctfmon.exe=ctfmon.exe ≫RunOnce ≫Local Machine ≫Run IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 PHIME2002ASync=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName 00THotkey=C:\WINDOWS\System32\00THotkey.exe NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize Apoint=C:\Program Files\Apoint2K\Apoint.exe TcmTray= Tpwrtray=TPWRTRAY.EXE MSPY2002=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC imjpmig=C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE ADUserMon=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe ezShieldProtector for Px=C:\WINDOWS\System32\ezSP_Px.exe VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe MPFExe=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe LXSUPMON=C:\WINDOWS\system32\LXSUPMON.EXE RUN +OptionalComponents +MSFS Installed=1 +MAPI Installed=1 NoChange=1 +MAPI Installed=1 NoChange=1 ≫RunOnce ≫RunServices ≫RunServicesOnce ≫RunOnceEx ≫RunServicesOnceEx ≫File Associations (CR) +.bat batfile="%1" %* +.com comfile="%1" % +.disabled SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1" +.exe exefile="%1" %* +.hta htafile=C:\WINDOWS\System32\mshta.exe "%1" % +.htm htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.html htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.js JSFile=%SystemRoot%\System32\WScript.exe "%1" % +.jse JSEFile=%SystemRoot%\System32\WScript.exe "%1" % +.pif piffile="%1" % +.reg regfile=regedit.exe "%1" +.scr scrfile="%1" /S +.txt txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe VBEFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsh WSHFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsf WSFFile=%SystemRoot%\System32\WScript.exe "%1" % +.lnk `lnkfile= [key or value does not exist] ≫Active Setup (LM) +Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub +アドレス帳 6 StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows デスクトップのアップデートコンポーネント StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=%SystemRoot%\system32\ie4uinit.exe ≫Browser Helper Objects (LM) AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ≫Internet Explorer ≫Current User Local Page=C:\WINDOWS\system32\blank.htm Search Page= Start Page=http://www.cnn.com/ +SearchUrl provider= ≫Default User Start Page=http://dynabook.com/ ≫Local Machine Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Local Page=%SystemRoot%\system32\blank.htm Search Bar= Search Page= Start Page=http://www.cnn.com/ CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ≫ShellServiceObjectDelayLoad (LM) PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=C:\WINDOWS\System32\stobject.dll ≫Special NT Values ≫Current User Load= Run= Programs=com exe bat pif cmd SHELL= ≫Default User Load= Run= Programs=com exe bat pif cmd SHELL= ≫Local Machine AppInit_DLLs= SHELL=Explorer.exe Userinit=C:\WINDOWS\system32\userinit.exe, ≫Files ≫Autostart Folders ≫Current User C:\Documents and Settings\Scott Seaman\スタートメニュー\プログラム\スタートアップ\desktop.ini ≫Default User C:\WINDOWS\system32\config\systemprofile\スタートメニュー\プログラム\スタートアップ\desktop.ini ≫Local Machine C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\desktop.ini C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\Microsoft Office.lnk C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\NkvMon.exe.lnk C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ\QuickShelf.lnk ≫INI-Files ≫WIN.INI\[windows] LOAD= RUN= ≫SYSTEM.INI\[boot] SHELL=Explorer.exe ≫Text Files C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\msdos.sys C:\config.sys `Files=50 `Buffers=30 C:\WINDOWS\system32\config.nt `EMM=RAM `dos=high, umb `device=%SystemRoot%\system32\himem.sys `devicehigh=%SystemRoot%\system32\ntfont.sys `devicehigh=%SystemRoot%\system32\font_win.sys `devicehigh=%SystemRoot%\system32\$disp.sys /hs=%HardwareScroll% `devicehigh=%SystemRoot%\system32\disp_win.sys `devicehigh=%SystemRoot%\system32\kkcfunc.sys `files=40 `device=%SystemRoot%\system32\MSIMEK.SYS /A1 `devicehigh=%SystemRoot%\system32\MSIMEI.SYS /D%SystemRoot%\system32\MSIMER.DIC /D%SystemRoot%\system32\MSIME.DIC /C1 /N /A1 C:\autoexec.bat C:\WINDOWS\system32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 C:\WINDOWS\wininit.ini `[rename] `NUL=C:\WINDOWS\System32\bdle4012.exe `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\WELCOME.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\PROTECT.DLL `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\PROPWIN.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\JAZTHANK.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\CTL3D.DLL `NUL=C:\WINDOWS\TEMP\_ISTMP2.DIR\51AB0E.DLL `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_SETUP.LIB `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\WELCOME.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\PROTECT.DLL `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\PROPWIN.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\JAZTHANK.BMP `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\CTL3D.DLL `NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\4F7927.DLL C:\WINDOWS\winstart.bat `@C:\WINDOWS\tmpcpyis.bat C:\WINDOWS\system32\drivers\etc\hosts `127.0.0.1 localhost ≫Program Files C:\ntldr C:\ntdetect.com C:\io.sys C:\WINDOWS\system32\win.com C:\WINDOWS\explorer.exe ≫%PATH% Companion Files +C:\WINDOWS\system32\TASKMGR.COM C:\WINDOWS\system32\taskmgr.exe +C:\WINDOWS\system32\slrundll.exe C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\taskman.exe C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\winhlp32.exe C:\WINDOWS\winhlp32.exe +C:\WINDOWS\REGEDIT.COM C:\WINDOWS\regedit.exe ≫System/Drivers ≫Running Processes +0=<idle> +4=<system> +552=\SystemRoot\System32\smss.exe +616=\??\C:\WINDOWS\system32\csrss.exe +640=\??\C:\WINDOWS\system32\winlogon.exe +684=C:\WINDOWS\system32\services.exe +696=C:\WINDOWS\system32\lsass.exe +848=C:\WINDOWS\system32\svchost.exe +924=C:\WINDOWS\system32\svchost.exe +1024=C:\WINDOWS\System32\svchost.exe +1084=C:\WINDOWS\System32\svchost.exe +1276=C:\WINDOWS\System32\svchost.exe +1404=C:\WINDOWS\system32\LEXBCES.EXE +1432=C:\WINDOWS\system32\spoolsv.exe +1448=C:\WINDOWS\system32\LEXPPS.EXE +1652=C:\PROGRA~1\Iomega\System32\AppServices.exe +1672=c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe +1692=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe +1772=C:\WINDOWS\System32\nvsvc32.exe +1820=C:\WINDOWS\System32\svchost.exe +1884=C:\WINDOWS\system32\wdfmgr.exe +1984=C:\Program Files\Iomega\AutoDisk\ADService.exe +216=c:\PROGRA~1\mcafee.com\vso\mcshield.exe +396=C:\WINDOWS\System32\alg.exe +1324=C:\WINDOWS\Explorer.EXE +132=C:\WINDOWS\System32\00THotkey.exe +1052=C:\Program Files\Apoint2K\Apoint.exe +1136=C:\WINDOWS\system32\TPWRTRAY.EXE +1584=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe +1064=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe +1268=C:\Program Files\Apoint2K\Apntex.exe +1224=C:\WINDOWS\System32\ezSP_Px.exe +2072=C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe +2080=C:\PROGRA~1\mcafee.com\agent\mcagent.exe +2200=C:\WINDOWS\system32\conime.exe +2208=c:\progra~1\mcafee.com\vso\mcvsescn.exe +2300=C:\WINDOWS\system32\LXSUPMON.EXE +2316=C:\WINDOWS\system32\ctfmon.exe +2520=C:\Program Files\Nikon\NkView6\NkvMon.exe +2568=C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe +3104=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe +3140=C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe +3084=C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe +3736=C:\Program Files\Internet Explorer\iexplore.exe +3596=C:\StartDreck\StartDreck\StartDreck.exe ≫VMM32Files (LM) ≫%System%\VMM32 ≫%System%\IOSUBSYS ≫Application specific ≫MS Office 97/8.0 STARTUP-PATH ≫Current User ≫Default User ≫Local Machine ≫ICQ NetDetect ≫Current User ≫Default User 3) As for specs, I'll give it my best shot. (I have really never looked at any of this!!) Processor: Mobile Intel Celeron Processor 1.50GHz HDD: 40GB Space available: 6.14GB (It has always baffled me that I only have this much space available. I don't think I have anything on my computer that should be taking up this much space. Probably the biggest stuff I had on it at one time was all of my graduate school junk, but I took all that off. I have had other people look at my computer and comment that I don't have much space available, especially in light of the fact that I have only pretty basic stuff on my computer.) RAM: 256MB How does all of this look?? I'm going to bed now. Thanks so much!

05-08-2005, 09:57 AM	#27 (permalink)
tinag Join Date: Mar 2005 Location: VT (via NL and TO) Posts: 341 OS: WinXP SP2 Pro and Home	I'm glad you've seen some progress by working on the system, because those logs both look clean. It might be time for you to take your query to the Windows XP board and see if you can get any other optimization suggestions from the experts there. (Let them know that you've been cleared on the HJT board so they don't try to send you back over here.) It seems to me that you're running quite a lot for a computer that doesn't have a lot of RAM, but that's not an authoritative opinion. It does seem a little strange that you don't have much disk space left if you don't have much installed there. I know you've already run the CleanUp! utility, so you gained some space there. Running that occasionally will help keep disk space free. On the other hand, the OS itself takes up some space, and you do have quite a few applications installed, and it doesn't take long to eat up space that way. Maybe you have some other data files lying about that could be archived to disk? You might also consider uninstalling programs you're not using -- I don't know if you actually use that Toshiba translation program we talked about, but if not, that's something that can go that would free up both space and resources. Windows Disk Cleanup (Start > Programs > Accessories > System Tools > Disk Cleanup) might help you eliminate a few unnecessary items. On the malware front, though, you're clean. We've already taken care of the usual end-of-fix housekeeping, and I know you're already running some antimalware protection, but I'll leave you with this tutorial on prevention anyway. Good luck in the next stage! __________________ Have TSF volunteers helped you? Please consider helping TSF by subscribing or donating. Thanks!

05-01-2005, 05:28 PM	#21 (permalink)
Seadog Registered User Join Date: Apr 2005 Posts: 15 OS: WinXP	Thank you for your continued help!! Please see items below. 1) Here is my TDS-3 log: (there was nothing in the "alarms" window) 09:56:40 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED) 09:56:40 [Init] Started 01-05-05 09:56:40 (UTC: 5), Internet Time @622.69 09:56:40 [Init] Loading TDS-3 Systems ... 09:56:40 [Init] Token successfully adjusted. 09:56:40 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum 09:56:42 [Init] • Plugins : OK. Loaded 13 09:56:43 [Init] • Exec Protection : Not Installed 09:56:43 [Init] WARNING: Your Radius.TD3 database needs to be updated! 09:56:43 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3 09:56:43 [Init] Licensed users can use the Update facility from the TDS menu 09:56:43 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs> 09:57:00 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families 09:57:00 [Init] • Systems Initialised [53638 references - 27561 primaries/13851 traces/12226 variants/other] 09:57:00 [Init] Radius Systems loaded. <Databases updated 01-05-2005> 09:57:01 [Init] TDS-3 Ready. <Scott seaman@70.187.219.175, 127.0.0.1 - ??> 09:57:01 [Tip Of The Day] Did you know? - TDS-3 is the only anti-trojan system that can detect trojans by scanning for the memory-resident mutexes that they use. 09:57:01 [Init] NOTICE A change has been detected in the autostart registry. Press Ctrl+A to view the autostart registry 09:57:01 [TDS] Good morning Scott seaman. 09:57:17 [Mutex Memory Scan] Started... 09:57:19 [Mutex Memory Scan] Finished (no trojan mutexes found). 09:57:19 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering. 09:57:31 [CRC32] Started - verifying 29 files ... 09:57:35 [CRC32] Test finished. 10:01:06 [Memory Scan] Memory scan started, please wait a moment ... 10:01:11 [Memory Scan] Memory scan complete. 10:01:11 [Mutex Memory Scan] Started... 10:01:13 [Mutex Memory Scan] Finished (no trojan mutexes found). 10:01:13 [Trace Scan] Started... 10:01:26 [Trace Scan] Finished. 10:01:26 [ServiceScan] Scanning for services and drivers ... 10:01:33 [ServiceScan] Scanned 320 services and drivers. 10:01:33 [File Scan] Scanning in A:\ ... 10:02:01 [File Scan] Scanned 4 files: 0 alarms in 27.83203 seconds (Avg 1.14 files/sec) 10:02:01 [File Scan] Scanning in C:\ ... 11:05:03 [File Scan] Scanned 55818 files: 0 alarms in 3781.027 seconds (Avg 15.76 files/sec) 11:05:03 [File Scan] Scanning in D:\ ... 11:05:03 [File Scan] Scanned 0 files: 0 alarms in 1.953125E-02 seconds (Avg 1. files/sec) 11:05:03 [Scan] Finished. 11:25:27 [TDS] Good morning Scott seaman. 2) I ran all four of the scans you suggested. I only got one virus warning, and this was when I scanned with Panda ActiveScan. The info I was able to get on this is below: Incident Status Location Adware:Adware/ExactSearch No disinfected Windows Registry Common name: ExactSearch Technical name: Adware/ExactSearch Threat level: Low Alias: eXactSearchbar, NaviSearch, Exact Searchbar Type: Spyware Subtype: Adware Effects: It collects information on Internet usage and the applications installed in the computer and uses it to display pop-up advertisements. Affected platforms: Windows XP/2000/NT/ME/98/95 First appeared on: Aug. 12, 2004 In circulation? No Brief Description ExactSearchis an adware. Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc. Then, this information can be sent to Internet advertising companies. 3) I uninstalled the printer, the camera, and MS Messenger. I rebooted the computer and hoped that all would be well. Alas, it was just as slow, perhaps even slower (!) after I uninstalled these things as when they were on the computer!! I have one question related to this. Could it be that I have too many anti-virus programs on my computer and running at the same time? I have heard that sometimes anti-virus programs don't get along very well and can often treat each other as enemies rather than allies. I think I have McAfee, eTrust PestPatrol, and CounterSpy all running simultaneously. This means that one, two, or all of these are often trying to get updates, and this might be slowing down things, especially during the boot-up phase, which seems to take forever these days. (I usually turn on the computer, and then walk away and do other tasks around the house before checking it again. If I sit in front of the computer while it is taking so long to boot, I start to think about turning my computer into a doorstop.) Should I consider uninstalling these things as well?? 4) Fresh HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 7:21:03 PM, on 5/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\TPWRTRAY.EXE C:\WINDOWS\system32\TFNF5.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\System32\ezSP_Px.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Microsoft Money\System\reminder.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra button: ?y?[?W?\|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O9 - Extra 'Tools' menuitem: The?\|?o_?y?[?W?\|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra 'Tools' menuitem: The?\|?o_?≪?‘?Q?A - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O9 - Extra 'Tools' menuitem: The?\|?o_”I?I?w’e?\|?o - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O9 - Extra 'Tools' menuitem: The?\|?o_?\|?o?Y’e - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O9 - Extra button: ?‘??BOX - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: ?≪?‘ET° - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll O9 - Extra button: ?\|?oET° - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll O9 - Extra button: Yahoo! ???b?Z?“?W???\| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe O9 - Extra 'Tools' menuitem: Yahoo! ???b?Z?“?W???\| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/ O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/r...1/isetupml.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (32U?ET?A° On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe My fear, of course, is that we will finally get all the bad guys cleaned off my computer, but it will still be as slow as before, indicating a differnet sort of problem. Ah, technology is so fun! Thank you!!!!!

05-04-2005, 09:04 PM	#23 (permalink)
Seadog Registered User Join Date: Apr 2005 Posts: 15 OS: WinXP	Thank you!!! I don't have time to try this tonight, but will probably be able to do so tomorrow night. I am a little reluctant to mess with the language functions on my computer, so will start with the other things and see if that improves boot-up speed, processing speed, etc. More later!!!

05-05-2005, 07:06 PM	#24 (permalink)
Seadog Registered User Join Date: Apr 2005 Posts: 15 OS: WinXP	Hi! I uninstalled CounterSpy completely. I also got rid of many of the programs that ran every time I booted up the computer, but left the language-related ones for now. I had a really bad experience about a year and a half ago when I accidently messed up the language settings, and I couldn't read anything on the computer. This made fixing the problem a nightmare, because I couldn't tell from any of the pull-down menus what I was looking at or choosing!! I would rather have my computer run a little slow than mess up the language settings again. After doing all of the things above, my computer appears to have speeded up a bit. It is hard to tell how much. A new HijackThis! log is below. If this looks clean, but you think there might be more we can do to clean up my computer even more, please let me know. Thank you!! Logfile of HijackThis v1.99.1 Scan saved at 7:19:48 PM, on 5/5/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Iomega\System32\AppServices.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\TPWRTRAY.EXE C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\System32\ezSP_Px.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\qshelf.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra button: ?y?[?W?\|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O9 - Extra 'Tools' menuitem: The?\|?o_?y?[?W?\|?o - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra 'Tools' menuitem: The?\|?o_?≪?‘?Q?A - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O9 - Extra 'Tools' menuitem: The?\|?o_”I?I?w’e?\|?o - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O9 - Extra 'Tools' menuitem: The?\|?o_?\|?o?Y’e - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm O9 - Extra button: ?‘??BOX - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: ?≪?‘ET° - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll O9 - Extra button: ?\|?oET° - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll O9 - Extra button: Yahoo! ???b?Z?“?W???\| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe O9 - Extra 'Tools' menuitem: Yahoo! ???b?Z?“?W???\| - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/ O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/r...1/isetupml.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (32U?ET?A° On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

05-09-2005, 09:45 PM	#28 (permalink)
Seadog Registered User Join Date: Apr 2005 Posts: 15 OS: WinXP	Thanks!!! I think I will take a break for now and maybe come back later to the Windows XP board for more help. But, my computer is running better, and I think we have cleaned off lots of crud! You are the best! Thanks so much for sticking with me and not giving up!! My wife is happy, too, and thinks I am wonderful (at least for the next day or two). Have a good week!