busy hard drive?

  johnnyrocker 12:13 21 Nov 2004
Locked

when i launch IE my home page (which happens to be hotmail)opens ok but it is at least 30 secs to a minute before i can use any of the links on it, it's as if the machine is busy doing something else and i also get periodicaly my mouse pointer stuttering as if it's catching up so to speak, ran adaware/spybot and have updated spyware blaster on board any ideas please?


johnny.

  Jeffers22 12:21 21 Nov 2004

Post a hijackthis log and with a bit of luck nellie2 will give you the benefit of her expertise. Also, try Opera or Firefox and see if you get the same problems. Opera is my own choice - it is quicker, more customisable and more secure than IE.

  johnnyrocker 12:25 21 Nov 2004

how do i get a log?

johnny.

  VoG II 12:43 21 Nov 2004

Download from click here

How to post a log click here

You will probably have to post the log in "chunks" because of the 800 word limit here. Also, please double-space by adding a blank line every other line.

  johnnyrocker 13:02 21 Nov 2004

not sure about the double space bit? here is the first chunk and if i am doing it wrong please advise.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe

  johnnyrocker 13:04 21 Nov 2004

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [mwavscan] "C:\DOCUME~1\STEVEF~1\LOCALS~1\Temp\mwavscan.com" /s
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: ITR Client.lnk = C:\Program Files\AnalogX\ITR\itrc.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

  johnnyrocker 13:06 21 Nov 2004

8E89E1D-83C4-4e3f-A7CB-A42F7EE5D53E} - (no file)
O9 - Extra 'Tools' menuitem: &Popup XP - Add to Web list - {A8E89E1D-83C4-4e3f-A7CB-A42F7EE5D53E} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Omniquad MyPrivacy - {FB5F1910-F110-11d2-BB9E-00C04F795681} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy - {FB5F1910-F110-11d2-BB9E-00C04F795681} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - click here
O16 - DPF: Yahoo! Cribbage - click here
O16 - DPF: Yahoo! Dominoes - click here
O16 - DPF: Yahoo! Gin - click here
O16 - DPF: Yahoo! Literati - click here
O16 - DPF: Yahoo! Pool 2 - click here
O16 - DPF: Yahoo! Reversi - click here
O16 - DPF: Yahoo! Spades - click here
O16 - DPF: Yahoo! Word Racer - click here
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - click here
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - click here
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - click here
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - click here
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - click here
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - click here
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - click here
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - click here
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - click here
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - click here
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - click here
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - click here
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - click here
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - click here
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - click here

  Nellie2 13:38 21 Nov 2004

I'm having a look at your log now, I do need to see the header though, that is the bit that tells me which version of hijackthis you are using and what your o/s is etc

Also, whilst you are waiting could you download the trial version of Trojan Hunter and scan your system with it click here let me know if it finds anything

  johnnyrocker 17:40 21 Nov 2004

many thanks nellie2,
the link you kindly provided for trojan hunter does not seem to work too well, i d/load and install it but when it opens to scan a window is there telling me the evaluation has expired and it must be bought

apologies os is xp pro version of hijack is the one kindly supplied by vog.
interestingly when i booted up this evening machine hung saying a bad checksum, (selected f2 and carried on) fonts had changed etc so system restored to yesterday

johnny.

  VoG II 20:36 21 Nov 2004

Can you please post the header at the top of the file. It should look something like:

Logfile of HijackThis v1.98.2

Scan saved at 17:17:14, on 9/11/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Nellie2 20:41 21 Nov 2004

you could try here for a trojan scan then click here

There is nothing in your hijack log that jumps out at me, which makes me think Trojan

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

Photoshop CC 2018 released with new Curvature Pen and better brush tools

Camera tips to take better iPhone photos

Les meilleures applications de covoiturage 2017