gazruss
asked on
Something's afoot
Hi guy's. Went to a trade show, while away wife & kids had access to the pc. When i get back there is something wrong, It seems like it is full of crap files. System is a P4 3.0 ghz, 1ghz of ram. WINXP PRO all service packs installed. running Norton systemworks 2003, Norton antivirus 2004, ad-aware, Pest PAtrol, & Spybot, the system just feels different, things popping up, internet explorer freezing, or running slow.
HELP
here is the hijack this log.
Logfile of HijackThis v1.97.7
Scan saved at 9:28:03 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Ahead\InCD\InCDsrv.e
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\System32\MsPMSP
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELP
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\
C:\Program Files\Creative\ShareDLL\Ct
C:\Program Files\Logitech\iTouch\iTou
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnath
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
C:\Program Files\Logitech\MouseWare\s
C:\PROGRA~1\PESTPA~1\PPCon
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\Cooki
C:\Program Files\Creative\ShareDLL\Me
C:\Program Files\Mozilla\Mozilla.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bi
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Handspring\HOTSYNC.E
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\Hijack This\hijackthis\HijackThis
R0 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PR
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\Ct
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTo
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPCon
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridg
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.e
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Mozilla\Mozilla.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.E
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bi
O4 - Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - Startup: OEXCheck.lnk = C:\Program Files\Express Assist\EA2Check.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bi
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6
O16 - DPF: {88D969C0-F192-11D4-A65F-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
HELP
here is the hijack this log.
Logfile of HijackThis v1.97.7
Scan saved at 9:28:03 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Ahead\InCD\InCDsrv.e
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\System32\MsPMSP
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELP
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\
C:\Program Files\Creative\ShareDLL\Ct
C:\Program Files\Logitech\iTouch\iTou
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnath
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
C:\Program Files\Logitech\MouseWare\s
C:\PROGRA~1\PESTPA~1\PPCon
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\Cooki
C:\Program Files\Creative\ShareDLL\Me
C:\Program Files\Mozilla\Mozilla.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bi
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Handspring\HOTSYNC.E
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\Hijack This\hijackthis\HijackThis
R0 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PR
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\Ct
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTo
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPCon
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridg
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.e
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Mozilla\Mozilla.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.E
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bi
O4 - Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - Startup: OEXCheck.lnk = C:\Program Files\Express Assist\EA2Check.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bi
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6
O16 - DPF: {88D969C0-F192-11D4-A65F-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sadly, back-leveling these components is not allowed.
When searching support forums for why 2.0 is not as good as 1.0, this is the continual response:
Quote: "This feature is by design"
:D
When searching support forums for why 2.0 is not as good as 1.0, this is the continual response:
Quote: "This feature is by design"
:D
ASKER