|
| ||
| Whats wrong with my computer??? I have no idea whats wrong with my computer... My RAM is through the roof and for seemingly no reason... This is a problem that I have had many times and each time its taken a different solution to fix. (the last two times its been the svchost and IE) this time its a host of programs that are taking up more ram then usual... I have 1.25 gig of ram, so... well you get the point. My Internet connection is extremely slow, and I have no idea as too why... As a side question: Is there a program I can download to verify that my drivers are all up to date? Below is my hijackthis log... Please Help, Thanks in advance... Logfile of HijackThis v1.99.1 Scan saved at 10:35:30 PM, on 1/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE C:\Program Files\Apoint\Apoint.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Chaim\Desktop\Tcpview.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Chaim\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www,google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Healthcare Engineering Service Solutions, Inc. O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file) O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05 \bin\npjpi150_05.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1 \INetRepl.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1 \MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe |
| ||
| Re: Whats wrong with my computer??? I glanced over it, everthing looks fine... howerver; I do see a few programs running 2x C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE also, what is running in NTVDM? I also notice ActiveSync running? could it transferng data? C:\PROGRA~1\MI3AA1~1\rapimgr.exe I think you just have to many services running... do you really need Microsoft AntiSpyware, mcafee, winpatrol all running at the same time? also, how much ram is being used? its hard to beleive that all that ram is being used. |
| ||
| Re: Whats wrong with my computer??? [QUOTE=BinaryMayhem] also, what is running in NTVDM? I also notice ActiveSync running? could it transferng data? C:\PROGRA~1\MI3AA1~1\rapimgr.exe QUOTE] Whats NTVDM? Thanks for the help... :mrgreen: |
| ||
| Re: Whats wrong with my computer??? 1. NTVDM (NT Virtual DOS Machine) is a Windows component which provides a mechanism for running older 16-bit programs on newer (32-bit) versions of Windows. If you are not running such legacy programs, NTVDM shouldn't need to be running either. 2. It is normal to see multiple instances of certain Windows processes such as svchost and lsass running simultaneously. Those processes are responsible for managing categories of other Windows components such as network and security-related services. Because of that, you'll see one instance of the processes running for each group of services that it is managing. The underlying problem of svchost appearing overly memory-hungry is usually an issue with one of the processes/services which svchost is mannaging. Because svchost manages several sub-processes, the fix for the "memory hogging" depends on which actual process has run amok. 3. The ActiveSync process is for synchronizing certain handheld devices with your computer. If you're connecting such devices to your computer, you should leave it running, but if not, ActiveSync can be disabled. 4. BinaryMayhem is right about your log in general- there are no signs of anything malicious or abnormal. 50+ running processes is a bit on the high side, though; do you absolutely need to have programs such as Borland's InterBase server running? |
| ||
| Re: Whats wrong with my computer??? First off, Thank You for the assistance... I hope you dont mind, but I will respond in reverse... 4. What do you suggest I disable? What is the best way to do it? I have already disabled borland via msconfig, what else shoudl i remove, and should I be looking elsewhere for startup programs/processes? 3. I do have a Handheld that I sync, but i have disabled Activesync form startup and will start it manualy when I require it. 2. I understand SVCHOST's function although I am unsure of the proccess of determining which sub-process is causing my problem. 1. How do I determine if anything is running under NTVDS? Once again Thank You. |
| ||
| Re: Whats wrong with my computer??? 1. Detemining which services/processes/programs are being handled by each instance of svchost isn't the easiest thing to do, and it does take some knowledge of Windows internals to figure out exactly what's going on. Windows' Task Manager is pretty useless in this regard, but there is a freeware program called Process Explorer which displays process dependencies in a way that we mere mortals can somewhat understand. 2. As far as which startup processes can be safely disabled, you can get a fairly good idea of that yourself (I don't have time to go through your entire process list for you right now) by looking up the names of the .exe files at this site. |
| All times are GMT -4. The time now is 11:00 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC