0

Hey again all. I know I already posted a problem about my computer "freezing" when Windows is booted up (on June 30), but it is now July 8 and I have still not fixed the problem.

I am running Windows XP Home Edition version 2002 w/ Service Pack one (1). Intel Pentium 4 CPU and 512 MB of RAM.

OK, after having this problem manifest itself I entered selective startup to figure out what was wrong. I found out that if Plug and Play was enabled under services the computer would slow to a snail's pace when I loaded Windows. So slow that it would appear to be frozen. However, I could still move the mouse around. Normal icons and keyboard functions were null, however.

In my last post it was suggested that a recently installed driver (keyboard) could be to blame, but I have since restored all drivers to previous states and the problem is still occurring. I also thoroughly checked the machine after that and found the backdoor trojan 'subseven' but have removed all of its spawn such as msr.exe (I think so) and STILL have the problem.

When loading the computer in safe mode everything works fine and there are no problems, BUT when I check in msconfig and services, Plug and Play is running... if Plug and Play is what is causing the problem and it's running when I load in safe mode, shouldn't safe mode not function as well?

I know this is a long post but if I eventually get this problem fixed I promise I will write a full report on how it can be done for any other people who end up having a similar problem. :D

On a final note, if anyone requires additional information about my hardware or software specifications (that would assist in this issue) or anything else, please feel free to ask.

0

I think you should go to the security section of this forum and post a hijackthis log,
get hijackthis here and post a log in the security section.
Here's how to post a Hijack This log - the whole spiel, with (hopefully) every eventuality covered... :

Go to http://www.majorgeeks.com/downloadget.php?id=3155&file=9&evp=3304750663b552982a8baee6434cfc13 , and download 'Hijack This!'.
When downloading, choose "save to disk" and NOT open!

Now this download is a *.zip file, which means you need to decompress it with a utility like WinZip.

Many downloads come in the shape of a compressed file, so it's an indispensable tool, really.
It has an evaluation version which you can use for a month or so
Here's a tutorial. It's extremely easy to do.

Now create a new folder for it, C:\Hijackthis, for example.
After unzipping the file to C:\Hijack This, you'll end up with the file itself, which is Hijackthis.exe, and that's the one you'll need to doubleclick.

When the program launches, hit the "Scan" button
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, and save the log anywhere you like.

Now if you doubleclick the log file, does it open in Notepad?

If so, go to Edit > Select all, then to Edit > copy.
Now you've copied the entire text to the Windows Clipboard (this happens behind your back.)

Next, go back to this forum thread, and click "Post Reply".
In an empty area click your RIGHT mouse button, and choose 'Paste' from the context menu.
And voila, there's your Hijack This log.

NOTE: Should the log not open in Notepad by default, do this:

· Highlight the logfile by clicking on it once
· Hold down the shift key and then right-click your mouse
· Select "Open With" from the menu
· Pick Notepad.exe.

Be sure to check the box, "Always use this program to open these files".

· Click "OK" and you are all done!

0

Logfile of HijackThis v1.98.0
Scan saved at 3:10:42 PM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://static.vpptechnologies.com/playfulsearch/results.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://static.vpptechnologies.com/playfulsearch/results.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://static.vpptechnologies.com/playfulsearch/results.html?s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://static.vpptechnologies.com/playfulsearch/results.html?s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\System32\winhot32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winhot32.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WordPerfect Family Pack 519] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="WordPerfect Family Pack 5" /date=071904 serial=FP05WRD-0120447-BTR
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab

0

I had a computer that had similar slowness issues and it wound up being a combination of the video driver and the Mouseware driver from Logitech. Since you say it doesn't do this in safe mode, I'd definitely disable all the start up items, i.e. Direct CD & Logitech Mouseware and possibly uninstall your video card drivers and just see what happens.

0

No, you were supposed to go to the security section to post the log.

Edit: I see you posted in the security section, so no need to move this one!

0

Since you say it doesn't do this in safe mode, I'd definitely disable all the start up items, i.e. Direct CD & Logitech Mouseware and possibly uninstall your video card drivers and just see what happens.

Disabling those items one at a time might let you pinpoint the exact problem.

The Plug-N-Play behaviour could be due to a conflict between PNP and some other application or process. In other words, PNP itself might not be the problem; by disabling it you are eliminating the conflict, but you're doing it by disabling the wrong half of the conflict.

0

Is it really necessary to have two AV programs running?

Not only not necessary, it's not recommended either- they can conflict with each other.

0

Thanks to QT for your ideas on start up items and thanks to DMR for your ideas on conflicts with plug and play and not necessarily plug and play itself. I disabled all start up items and left plug and play enabled and the system ran fine. I will now go through the list and find out what is causing the problem and conflicting with plug and play. Thanks for all the help. :cheesy:

0

Cool. Just re-enable each item one at a time and you'll be able to narrow it down to the offending item.
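
The startup items being disabled and re-enabled one at a time in this thread are the `O4` lines of the HijackThis log posted earlier. The following is an added example, not part of any post in the thread and not HijackThis's own code: a small parser that groups log entries by section code and lists the `O4` autostart entries as a checklist. The function names and regular expressions are assumptions of this example; the sample is a short excerpt of the log from this thread.

```python
import re
from collections import defaultdict

# Short excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.0
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\ps2.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Entry lines have the shape "<code> - <text>", e.g. "O4 - HKLM\..\Run: [KBD] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 entries come in two shapes: a registry Run value or a Startup-folder shortcut.
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")
STARTUP = re.compile(r"^(.*Startup): (.+?) = (.*)$")

def parse_sections(log_text):
    """Group entry lines by section code (R0, O2, O4, ...); header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def startup_items(log_text):
    """Return (location, name, command) for every O4 autostart entry, in log order."""
    items = []
    for text in parse_sections(log_text).get("O4", []):
        m = RUN.match(text) or STARTUP.match(text)
        if m:
            items.append(m.groups())
    return items

if __name__ == "__main__":
    # Numbered checklist: re-enable one item per reboot and note which one brings the slowdown back.
    for n, (where, name, cmd) in enumerate(startup_items(SAMPLE_LOG), 1):
        print(f"{n:2}. {name:<22} {where:<16} {cmd}")
```
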

0

The problem is... well... was :) KBD.exe. Not sure what that is, but everything works fine now that it's disabled and I put the sledge hammer away from the computer :eek:

0

Glad you got it figured out fairly quickly. :)

Here's a little info on kbd.exe:

kbd.exe is usually an optional program which is related to the functionality of keyboards with enhanced "multimedia" keys. HP and Logitech are two companies I know of which use a kbd.exe file in the software associated with some of their keyboards. While optional, the multimedia keys probably won't work without it.

0

While optional, the multimedia keys probably won't work without it.

Yeah, the keyboard is HP and the multimedia keys on the keyboard are still working with KBD disabled, thankfully. Looks like this one's all wrapped up. I'm relaxing now lol, thanks guys. Maybe now I can switch to offering help on the forums instead of needing it for a while.

0

You might at some point discover that some enhancements to those keys won't be available without kbd.exe, but if they basically work for you without kbd.exe, that's great- just leave it disabled.


Maybe now I can switch to offering help on the forums

LOL. Go for it- We can use all the help we can get! :mrgreen:
