Guys (or gals), I need some help!
I've run aggressive checks for spyware, virus and trojans, and come up clean..
My system configuration is as follows: Windows XP-Pro, SP2, with all the latest
updates applied. AMD Athlon 64 Processor, 3200+, 2.0 Ghz 512kb cache, with a total of
4GB of 400mhz Dual Channel DDR RAM -- and an ATI Radeon X600 Pro Video Card with 250MB.
Over 100GB of free space on both my hard drives.
Problem: when opening up items from the windows toolbar, e.g. Favorites, History, etc.,
there is a delay of approximately 18 seconds. Opening programs from the taskbar on the other
had are fine - they open in a snap. Some menu items are also SLOW, (but not 18 seconds slow),
more like 5 or 6. On the other hand, opening something like Windows Explorer from the taskbar
is instant, and internet explorer from the taskbar maybe 5-8 sec including loading homepage.
I. Attempted Solutions:
1) I have a LOT of favorites, so I deleted them temporarily, and tried it with only 5 favorite items.. no change. (Didn't really expect one since history items are also VERY slow).
2) Cleared cache, and temporary files, including Internet Temporary files, no effect.
2) Ran Defrag and Scan disk.. no effect.
3) Tried letting windows set my paging file, and also tried increasing size of paging file, from small to very large, no effect.
4) Try several different memory managers, and found "MaxMem" does make some things more "snappy", but generally no effect.
5) Tried eliminating drop shadows for menus.. no effect.
6) Tried adjusting menu item delay in registry - no effect.
7) Tried running WindowsWasher by PCTools.. slight improvement, but no real lasting effect.
II. Checked For Malware:
A) Scanned for Viruses using Kaspersky on max settings with extended database.. clean.
B) Checked for Trojans with TrojanHunter - Clean
C) Checked For Spyware With: Xoft, Spysweeper, SpyBot, SpyDoctor, Adaware... all clean.
D) Checked for Virii, worms, spyware, etc. using Prevx scan.. clean
E) Running Prevx1, OnlineArmor, RestorIT, etc. Tried removing some of these ... no effect.
F) Tried it without some of the other programs, such as RNMail, Pluck, etc. (just having fewer programs at start-up)... no impact, other than slightly snappier performance across the board as would be expected.
Here is my HijackThis Log. I really need some help on this:
Logfile of HijackThis v1.99.1
Scan saved at 10:22:16 AM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
C:\Program Files\Zone\zlclient.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\security\prevx\PXConsole.exe
C:\Program Files\RNmail\rn.exe
C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\DS Clock\dsclock.exe
C:\security\prevx\PXAgent.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Documents and Settings\Mark Wieser\Start Menu\Programs\Startup\maxmem.exe
C:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\security\EmuArmor\OnlineArmor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\security\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\security\SecuritySpybot\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: &RN_Object - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - C:\Program Files\RNmail\RN_IE_Add_On.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [THGuard] "C:\security\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kasper\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ActiveTracker for Outlook Express] C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone\zlclient.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [PrevxOne] "C:\security\prevx\PXConsole.exe"
O4 - HKLM\..\Run: [RNmail] "C:\Program Files\RNmail\rn.exe" /path "C:\Program Files\RNmail"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [PluckSvr] C:\Program Files\Pluck Corporation\Pluck\PluckUpdater.exe /startplucksvr
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: maxmem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snipe It with BidNip -
http://www.bidnip.com/members/reg_snipe.php
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll
O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121230767140
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) -
http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.172610463641753&file=stamps.cab
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kasper\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\security\prevx\PXAgent.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu Pty Ltd - C:\security\EmuArmor\OnlineArmor.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
