
100% CPU usage & hardware interrupts.......2

Hello, there is a lengthy thread titled "100% CPU usage & hardware interrupts" that I posted last year. If you skim through that, you will know what problems I had. I did not manage to fix the problems & had to do a format & start from scratch. Normally I get an expert to do that, but I had a go & was completely successful & it got rid of all the problems too.

Trouble is, IT'S BACK AGAIN. This is now the 4th time the exact SAME problems are back. Normally, after a reformat the problems occur after about 2 to 3 months, but this time we have lasted 6 months. I have run Nortons, CW Shredder, Spybot, Adaware, Registry Mechanic, & PC Medic. These have found NO PROBLEMS & tell me the system is completely clean. So I really do not want to go down the road of looking for viruses/adware/spyware/trojans etc. because there aren't any present. I'm not going to continue on this thread, but would like to have a few days trying to solve the problem as I'm fed up of having to start from scratch every time this problem re-appears.

So come on then! I will try any suggestions that may appear on here. I will leave it about a week, & if there is a list of suggestions, I will try them all, then, if not successful.....do a reboot.

The following is a list of all of the symptoms of this horrible thing. Please do not think there may be several different causes or several different faults causing these symptoms. IT IS DEFINITELY THE ONE THING. One day, everything is 100% OK. Then suddenly it's back again. Here goes..........& a prize for the winner.

1. Problem usually re-appears suddenly after about 3 months of a format.

2. After switching on the PC, when it gets to the "user name" screen, the cursor will jump & skip to the edges of the screen. I will have to wait about 20 seconds until the "user name" boxes light up, then I can control the mouse ok to click on a user.

3. Then when the PC is booting up to show the desktop, the standard Microsoft welcome music will miss, distort & crackle. Someone last year suggested I go to Control Panel options & turn off the welcome tune! BRILLIANT IDEA! Hehehe.

4. There is 100% CPU usage when opening absolutely anything. Multi-tasking is out of the question. There is no way, for instance to open a doc. or surf the web whilst playing music, the music will stop & start until the other task is completed.

5. When typing in a familiar web address in the usual place at the top of the screen, there is the AUTO COMPLETE that fills the remainder of the address for you. When I type in the www. + a few letters, then I've got to wait 15 seconds before the auto complete does its job.

6. When either Windows Update or Nortons update is on the go, it tells me I can carry on working while the updates are being done. WRONG! I've got to wait until they have finished because all of the PC's resources are being used & cannot do a thing until they have finished.

7. Downloads are fast, & the computer does not ever crash & web surfing is fast......until I ask the PC to do something else at the SAME time.

I've gone to msconfig & started the PC with just the bare essentials but the above problems are still there.
Before I did the last format, I uninstalled & erased just about everything possible one by one to try and find the culprit. But the problems were still there until I did a format.

Un-installing BT Broadband made things a lot better, maybe 75% better, but still did not fix the problems entirely, so it can't really be that, after all, the PC is completely fine for about 3 months with everything installed. Also, uninstalling Nortons anti virus eases, but does not get rid of the problems & same again, it can't be Nortons causing it as everything is completely brilliant for 3 months.......(6 months this time), with everything installed.

Using Windows XP & all other operating system can be found on the other thread from last year...."100 cpu usage & hardware interrupts".

Like I said, I won't be continuing with this thread, but would appreciate some suggestions, even some 'stabs in the dark', some educated guesses..........anything at all I will try & will get back to tell you which one did the trick!

Cheers!

cozzy
Junior Poster
126 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 

Download and run Silent Runners.vbs -- http://www.silentrunners.org/ . Post the information from the log it generates in your next reply.

Please get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

These programs will (hopefully) help us locate the problem.

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 

"Silent Runners.vbs", revision 38.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"System Mechanic Popup Stopper" = ""C:\Program Files\System Mechanic 4 Professional\PopupStopper.exe"" [empty string]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"IEDriver" = "C:\WINDOWS\System32\IEDriver\IExplore.exe /U" [file not found]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"GSICONEXE" = "gsicon.exe" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "dslagent.exe USB" [null data]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"Media Access" = "C:\Program Files\Media Access\MediaAccK.exe" [file not found]
"Lexmark 2200 Series" = ""C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"" ["Lexmark International, Inc."]
"Ulead AutoDetector v2" = "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{EBDF1F20-C829-1010-8233-0020AFCE97A9}" = "iolo File Terminator"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SYSTEM~1\SEARCH~1\FILETE~1.DLL" ["iolo technologies, LLC"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{EA588C8B-066E-4220-91D5-F921AA603DF4}" = "NOMAD MuVoShell Hook"
-> {CLSID}\InProcServer32\(Default) = "MuVoh.dll" ["Creative Technology Ltd."]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Leona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Startup items in "Leona" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Leona\Start Menu\Programs\Startup
"PVR Console" -> shortcut to: "C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe" [empty string]
"PVRIIWatch" -> shortcut to: "C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe" [empty string]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"BT Broadband Help" -> shortcut to: "C:\Program Files\BT Broadband\Help\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"BTTray" -> shortcut to: "C:\Program Files\Belkin\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"eLifeWatcher" -> shortcut to: "C:\Program Files\e-Life Pal\bin\eLifeWatcher.exe" ["Mustek System Inc."]
"PI Monitor" -> shortcut to: "C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe -r" ["Arcsoft, Inc."]
"PVR Console" -> shortcut to: "C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe" [empty string]
"PVRIIWatch" -> shortcut to: "C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe" [empty string]
"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1A00C40B-DA85-4AA3-A67F-582D9347EECD}\
"MenuText" = "MaxSpeed"
"Exec" = "C:\WINDOWS\System32\td.exe" ["Verticity"]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Service, btwdins, "C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSvcCDA.EXE" ["Creative Technology Ltd"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
---------- :cheesy:

cozzy
Junior Poster
126 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 

Logfile of HijackThis v1.99.1
Scan saved at 00:31:18, on 27/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\System Mechanic 4 Professional\PopupStopper.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/uk/*http://www.yahoo.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnialogin.passport.com/ppsecure/md5auth.srf?lc=2057
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IExplore.exe /U
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PVR Console.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
O4 - Startup: PVRIIWatch.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eLifeWatcher.lnk = C:\Program Files\e-Life Pal\bin\eLifeWatcher.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: PVR Console.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
O4 - Global Startup: PVRIIWatch.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/67yf61fg.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22028cf73f1c2c016223/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_4/controls/ybrequest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE7FB8E-C747-4114-8E4D-2B14EE328B75}: NameServer = 194.74.65.68 194.72.9.39
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Can't believe all of this! You must be brainy. Cheers! dlh.

cozzy
Junior Poster
126 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 

Well, I see a few things there that should be corrected, but nothing that really explains (to me) why the problem keeps reoccurring.

This may help with the problem, but no guarantees... Scan with HijackThis and have it fix the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/...www.yahoo.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IExplore.exe /U
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/67yf61fg.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D.../bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/r...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22028cf...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_4/controls/ybrequest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...ta/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
Have hijackthis fix this O17 entry only if it does not belong to your ISP --
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE7FB8E-C747-4114-8E4D-2B14EE328B75}: NameServer = 194.74.65.68 194.72.9.39

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted file and folders:

C:\WINDOWS\System32\td.exe

C:\WINDOWS\System32\IEDriver
C:\Program Files\Media Access

Empty your Recycle Bin, reboot, close any open browser windows, scan with HJT, and post a new log please. Also, let us know if there is any improvement.

By the way, make sure Norton is up to date; it should have picked up on some of these.

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
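The triage in the post above (the O16 entries, the unnamed O9 button, and the O17 NameServer to confirm with the ISP) can be scripted over a saved log. The sketch below is an added example, not part of the thread or of HijackThis; the review rules and function names are assumptions of the example, and the sample lines are copied from the logs posted in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis logs posted in this thread
# (truncated URLs are left exactly as the forum displayed them).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/67yf61fg.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE7FB8E-C747-4114-8E4D-2B14EE328B75}: NameServer = 194.74.65.68 194.72.9.39
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every log entry starts with a section code (R0..R3, O1..O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O16 body: "DPF: {CLSID} (Class name) - URL", with the name optional,
# or "DPF: Some label - URL" when no CLSID is shown.
DPF_RE = re.compile(
    r"^DPF: (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))?|(?P<label>.+?))"
    r" - (?P<url>\S+)$"
)
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Entry:
    code: str
    body: str
    notes: list = field(default_factory=list)


def parse_log(text):
    """Return an Entry for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries):
    """Attach review notes. The rules are this example's assumptions."""
    for e in entries:
        if "(no name)" in e.body or "(no file)" in e.body:
            e.notes.append("unnamed or orphaned registration: identify before keeping")
        if e.code == "O16":
            d = DPF_RE.match(e.body)
            if d and not (d["name"] or d["label"]):
                e.notes.append("ActiveX control with no class name: " + d["url"])
        if e.code == "O17":
            ns = NAMESERVER_RE.search(e.body)
            if ns:
                for token in re.split(r"[,\s]+", ns["servers"].strip()):
                    try:
                        ip = ipaddress.ip_address(token)
                    except ValueError:
                        e.notes.append("unparseable NameServer value: " + token)
                    else:
                        e.notes.append(f"confirm DNS server {ip} with your ISP")
    return entries


def review_list(text):
    """Entries that received at least one note, as (code, notes) pairs."""
    return [(e.code, e.notes) for e in triage(parse_log(text)) if e.notes]


if __name__ == "__main__":
    for code, notes in review_list(SAMPLE_LOG):
        for note in notes:
            print(f"{code}: {note}")
```

Entries that receive no note are not thereby cleared; the rules only pick out lines that cannot be identified from the log text alone.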
 

Looking through the list there are a lot of things important like: O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) & R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page & a few other things we definitely use. I always thought that 'Hijack This' was a dangerous tool to use (unless expert). So if i tick all from that list will they be REMOVED or just fixed? I'm a bit confused by this.

Also, i'm not sure if No. O17 on the list belongs to our ISP! How can i find this out?

I'm going to do a full Nortons scan as you said it should have picked some of these things up. Admittedly, i ain't done a nortons scan for about 6 weeks, the last time it ran it found just a couple of cookies that were nothing but it removed them anyway. Then the problems began about 2 weeks later. Doing a nortons scan will not fix the one problem we keep on getting but seeing a full scan is overdue, i'll do one before i fix/remove the items from the list with Hijack This.

Cheers

cozzy
Junior Poster
126 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 

O16 entries are safe to be fixed with hijackthis, they will be removed, but any legit ones will be restored next time you visit the site; it's just easier (and cleans up the log more) if they are all fixed rather than researching each one to separate the good from the bad.

The easiest way to find out about the O17 entry is to contact your ISP and ask if that IP address is theirs.

Post a new log after the Norton scan and fixing the noted HJT entries :)

dlh6213
 

I may sound thick here but the legit entries that Hijack This removes will be restored the next time i visit the site? Which site is this? Is it the Symantec windows update site?

cozzy
 

errrrm! please ignore the previous post as i realise what you mean (after removing all of those from your list with Hijack This) i had to re-set the home page coz i got 'about blank' appearing. So there may be some things we got to redo when we next visit sites or whatever.

The Nortons full system scan found absolutely ZERO which is good news, & another reason not to dive straight in & back up everything, wipe the PC clean & start over again........just for this problem to re-occur in 3 - 4 months time.

Strangely, the O17 entry never appeared again! I have NOT removed it, as it wasn't there to remove when i scanned with Hijack this in order to remove your suggested items.

I switched off & on again before posting this latest HJT scan & the crackly 'start up music' told me the problem was still there. Just to make certain, i played some music THEN opened a word doc.......the word doc took one minute to open & the music stopped & started until the doc was opened fully. This happens no matter what i go on....whether i open the calculator or connect to the net.......if it's 2 things im doing at once the PC goes to 100% usage for 30 secs to a minute. If i then close both things then opened the SAME ones together its fine! In other words if i spent a month on the pc without switching it off & opened every combination of every possible application the PC would run fantastic. (excluding the fact it would obviously run out of memory of course). Just trying to give you some clues without going on too much!

With the list of symptoms at the start of this thread i missed one out. That is, when i play video....whether its a game or pop video played straight from disk or whether its something thats been downloaded, the picture freezes then jumps forward & catches up a second later...(like you see occasionally on them 30's & 40's black & white movies). It does this every 4 seconds or so. This is all part of the same problem. It's not the sound card or graphics card or anything like that coz everything is completely ok for about 3 - 4 months (6 this time), then WHAM! i gotta sadly wipe the whole thing off & start again which is a pain. The whole PC is affected, not just sound & vision. YET, i go on a certain site where speed is of the essence & the PC is a winner on that score, so i don't know what the heck is wrong.

This is a monster, i hope to get to the bottom of this. I've told you all of the symptoms, it is definitely just a single culprit but has many side effects.

Just wondering, there is a 'repair' option on the windows disk. Don't know if i chose that after putting it in the drawer or if you go through bios & boot up with the Windows disk, but could that solve it? & would we lose all our files & settings using this option?

Here's the HJT list after removing that list you gave me

Logfile of HijackThis v1.99.1
Scan saved at 04:51:07, on 29/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\System Mechanic 4 Professional\PopupStopper.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/uk/*http://www.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnialogin.passport.com/ppsecure/md5auth.srf?lc=2057
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PVR Console.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
O4 - Startup: PVRIIWatch.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eLifeWatcher.lnk = C:\Program Files\e-Life Pal\bin\eLifeWatcher.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: PVR Console.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVR2.exe
O4 - Global Startup: PVRIIWatch.lnk = C:\Program Files\PVR HD Series\PVR_Console\PVRWatch.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

cozzy
 
Just wondering, there is a 'repair' option on the windows disk. Don't know if i chose that after putting it in the drawer or if you go through bios & boot up with the Windows disk, but could that solve it? & would we lose all our files & settings using this option?


What you are referring to is an in-place upgrade (aka repair installation); instructions can be found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

You shouldn't lose any files or settings but, as always, it's best to have everything backed up just in case. It's possible that could resolve your problem without having to reinstall Windows.

However, before you try that, have you tried using System Restore to return your system to a point prior to when you started having this problem? If you do this, you may need to remove the things we just cleaned off again because they could be a part of your restoration.

dlh6213
 

Yes i did system restore 3 weeks ago as soon as this thing appeared again. The system restore was successful but it made no difference. Do you think that repair would fix it? & if so, why do you think folk do a full format when there is a repair option on the windows disk that come with PC's.

Other than that, have you any more ideas?

cozzy
 

Yes i did system restore 3 weeks ago as soon as this thing appeared again. The system restore was successful but it made no difference. Do you think that repair would fix it? & if so, why do you think folk do a full format when there is a repair option on the windows disk that come with PC's.

Other than that, have you any more ideas?


I don't know if the repair will correct your problem because I don't know what the problem is.

Many people, I believe, do a full format because they don't know the Repair option exists, or they don't know how to use it. Also, as far as I know, the Repair will not remove any malware, it will only fix and replace corrupted and missing Windows files.

I do have one other suggestion, but since I don't know a lot about it, I can only get you started, and then turn this over to one of our other members who is more familiar with it.

Please do the following:

Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as Warning or Error; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to program hangs/crashes or anything else related to the problems you're having, post the full and exact contents given in the detail windows.

dlh6213
 

If you do ALT+CTRL+Del, go to processes, what one is using all the CPU?

caperjack
I hate 20 Questions
Team Colleague
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 

Caperjack, surprise to see you pasted in the start of this thread! Is it because it's still continuing? Can't help it!

I opened a word doc, (doesn't matter what i go to, it can be anything & it's still 100% usage & painfully slow). I noticed smc.exe & svhost.exe were taking up a lot of usage. WINWORD.EXE went to 62 for about 10 seconds during the 45 seconds it took before the new word doc appeared fully.

I then did the same thing but this time looked at 'performance' instead of 'processes' & noticed cpu usage at 100% til the doc finally opened.

I've run spybot, cw shredder & adaware again & they congratulate me for having a clean machine. Did another full system scan with nortons & it scans 150,000 files & folders & everything else on both partitions but finds absolutely nothing.

A format fixes the problem for approx 4 months but i'm gonna hang on another week & hope some bright person comes up with a solution.
Ta.

cozzy
 

I bumped into your old post just today because I had the same problem too. Well, surprisingly I managed to solve this. :mrgreen:

Windows process explorer said there are no active processes, but CPU usage was still at 100%. So I went to good old www.sysinternals.com and picked up their Process Explorer. It said no program is indeed active, but there was a quite active slot named 'Interrupts' (@80-100% all the time). In the old post someone suggested this is a hard drive related problem.

Rebooting or waiting over night didn't remove the problem and after trying everything from complete clean install to tweaking about every setting tweakable, I was about to boot the HDs out of my window. Luckily didn't.

The mainboard has nForce3 250Gb chipset (same as you do?). The problem was with nVidia IDE driver. After installing the nVidia drivers the problem didn't occur right away but after the system had had time to heat up. (20 hours straight on) Solving the problem was just removing nVidia's IDE driver and using the standard from WinXP.

After the driver switch there were some slight problems with the 2 SATA drives which were fixed by just switching ports. From slots 1 and 2 to 1 and 3, since 1 and 2 are under the same controller and 3 and 4 are under another. It seemed like the system had lost control over power saving and shut down the HD in port 2 randomly. In port 3 the problem didn't exist.

The IDE drive never caused trouble but as far as my system goes, nVidia's IDE SW drivers and SATA drives don't mix. Should they? :eek:

Might help too if you listed what your system has for mobo/chipset/cpu/mem/video card.

---
Note: I didn't really bother to read all the posts in this or the old post. This is a fresh shot in the dark, but nevertheless might give some clue.

maggoth
Newbie Poster
11 posts since Jul 2005
Reputation Points: 10
Solved Threads: 1
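The reading described in the post above (CPU pinned while the load sits on 'Interrupts' rather than on any program) can also be checked against Windows' own performance counters. The following is an added example, not from the thread: it summarises CSV output in the layout that `typeperf` writes, the sample data and host name are constructed, and the thresholds in `classify` are assumptions.

```python
import csv
import io

# Constructed sample in the CSV layout that Windows' typeperf writes, e.g.
#   typeperf "\Processor(_Total)\% Processor Time"
#            "\Processor(_Total)\% Interrupt Time"
#            "\Processor(_Total)\% DPC Time" -sc 4
# Host name and values are invented for the example.
SAMPLE_CSV = r'''"(PDH-CSV 4.0)","\\EXAMPLE-PC\Processor(_Total)\% Processor Time","\\EXAMPLE-PC\Processor(_Total)\% Interrupt Time","\\EXAMPLE-PC\Processor(_Total)\% DPC Time"
"07/05/2005 10:00:01.000","99.100000","84.300000","6.200000"
"07/05/2005 10:00:02.000","100.000000","88.900000","5.100000"
"07/05/2005 10:00:03.000"," ","86.000000","4.800000"
"07/05/2005 10:00:04.000","98.700000","83.200000","7.500000"
'''


def counter_name(column):
    """Return the counter part of a PDH path, e.g. '% DPC Time'."""
    return column.rsplit("\\", 1)[-1]


def mean_by_counter(csv_text):
    """Average every counter column, skipping blank or non-numeric samples."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    header, samples = rows[0], rows[1:]
    means = {}
    for idx in range(1, len(header)):  # column 0 is the timestamp
        values = []
        for row in samples:
            try:
                values.append(float(row[idx]))
            except (ValueError, IndexError):
                continue  # a blank sample or a short row
        if values:
            means[counter_name(header[idx])] = sum(values) / len(values)
    return means


def classify(means, busy=80.0, share=0.5):
    """Say where a saturated CPU's time goes.

    busy and share are assumptions of this example, not documented limits.
    """
    total = means.get("% Processor Time", 0.0)
    # Time spent servicing hardware interrupts plus deferred procedure calls.
    hw = means.get("% Interrupt Time", 0.0) + means.get("% DPC Time", 0.0)
    if total < busy:
        return "cpu-not-saturated"
    if hw / total >= share:
        return "interrupt-bound"  # look at drivers and hardware
    return "process-bound"  # look at the per-process list


if __name__ == "__main__":
    averages = mean_by_counter(SAMPLE_CSV)
    for name, value in averages.items():
        print(f"{name}: {value:.1f}")
    print(classify(averages))
```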
 

Anyway, if the Windows Task Manager can't show what's causing all the usage, that Sysinternals' Process Explorer will. If there is a program causing all the slowness, it will be shown. My guess is however, that all the usage percentage is on Interrupts, which would mean that there is some conflict with hardware or drivers that's pretty much turning your computer into scrap.

If the problem isn't with the hard disk, it is still probably related to drivers. If it was a pure hardware conflict, it's quite odd that the problem disappears with clean install.

My finger points at your chipset drivers. :) The newest aren't always the best. If the Windows' own driver won't do the trick, could be a good idea to check the motherboard's own homepage for drivers.

maggoth
 

Thanks, i will try that link & see what happens. The rest of it is beyond me, i don't even know if i've got that nVidia IDE driver, what do i do to find out?

The problem is, as the P.C. info tells me, is 'hardware interrupts' & i can only get rid of the problem with a clean installation/format. Yet, the same problem with its usual several symptoms comes back after 3 to 4 months, SUDDENLY. The P.C. users tend to keep a check on what they did or which sites they visited or what new programs were installed the previous day (when it was then 100% OK), & there doesn't seem to be anything that has caused it.

If i had to have an un-educated guess at what causes the problem, well here goes, tell me what you think of THIS!

I occasionally go onto a certain chat site & usually cause a bit of a 'stir', (just in fun of course), but there are certain folk in the chat rooms who get their mate to hack into this computer. The other day someone turned the NORTONS auto protect & email scanning OFF. I quickly exited from the internet in 1 second & did scans with Nortons, Spybot, CW shredder, adaware & scanned the registry but there was nothing there. Also, Hijack this did not pick anything up. I went to a site that scans for trojans & open ports, security risks & it did not come up with anything.

Soz about all this, but it does happen with these chat sites, they can cause problems with your PC, one guy even wrote my password in a live post in the chatroom about 6 months ago, it's amazing to me how they can do it, why they do it, & how to prevent it happening. I've got up to date virus definitions, anti-virus program & a firewall...........some good they are doing!

I'll have a go with that link you gave me & get back to you, if no joy, i'll do a fresh format etc. Do you think it would be worthwhile buying another hard drive? Yet, after saying that, the PC/ hard drive & everything is just completely brilliant for a few months after redoing it all. I'm confused.

Cheers Maggoth

cozzy
 
Thanks, i will try that link & see what happens. The rest of it is beyond me, i don't even know if i've got that nVidia IDE driver, what do i do to find out?


You probably have 'nVidia drivers' in your Add/Remove Programs list. Uninstall the IDE driver, leave the rest. Which chipset does your motherboard have?

I occasionally go onto a certain chat site & usually cause a bit of a 'stir', (just in fun of course), but there are certain folk in the chat rooms who get their mate to hack into this computer. The other day someone turned the NORTONS auto protect & email scanning OFF.

Personally, I've never trusted Norton Av/Fw. I had the version 2004 and it tended to shut down on itself sometimes. Whether it was a program error or caused by someone, I don't know. Didn't have any problems that I could see though afterwards.

Soz about all this, but it does happen with these chat sites, they can cause problems with your PC, one guy even wrote my password in a live post in the chatroom about 6 months ago

This could actually mean switching to another firewall... Kerio or such... And how well do you know your firewall settings? Norton's easy to use interface is in my opinion a security threat and will backfire sooner or later. And those web chat rooms tend to have security issues because they often require running active content... certain chat rooms? There is a certain chat room that causes the problem after a good 'stir'? :) If you think there is a connection, would suggest not going there. :mrgreen:

I don't think buying a new hard drive will do any good unless there are strict symptoms of a retiring HD. Windows crashing and giving errors too often. Plain sluggishness is not really enough. How much free space do you have on your HD by the way?

Also, these programs you listed, Spybot for example isn't the most effective spyware tool. Try Spy sweeper instead. It's not free but you can use it on trial base for a while. Read some review that praised it golden.

And one another program that I personally recommend is Windows Crap Cleaner. And which browser do you use?

Does your computer boot normally until the windows asks to choose a profile?

maggoth
 

Hi, this PROGRAM will show you what chipset your board has

caperjack
 

Thanks all. I'll get back in about 5 days. Got a lot of 'newish' things to sort out. Will go through it all & send as much info as possible.

Ta.

cozzy
 

This question has already been solved
