System Slow, Hard Disk LED on continuously

Posted on 2004-08-27
Last Modified: 2011-10-03
Did have WinKA.exe etc running, deleted it by using HiJackThis, fixing the processes, then rebooting to Safe mode, then deleted the C:\Program Files\WindUpdate\ Folder.

However, system still slow, any ideas, here is my latest Hijackthis log.


Logfile of HijackThis v1.98.2
Scan saved at 14:19:30, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\Download\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

Question by:Lovebug69
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
LVL 65

Expert Comment

ID: 11912923
Hello Lovebug69 =)

Download these tools and install them:
AdAware ==>
SpyBot  ==>
SpySweeper >>
SpywareBlaster >>
CoolWebShredder ==>
Stinger >>
then Fix the following entries in Hijakcthis !!!!

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

Then Disable ur Messenger Service if its running >>
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.

Also u have so many Startup entries in Start>Run>msconfig>Startup list
u can disable the ones u dont want to start and run at startup :)

LVL 32

Accepted Solution

LucF earned 500 total points
ID: 11912966
one to add to that list to remove:
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
LVL 65

Expert Comment

ID: 11920356
Lovebug69 ..... will u plzz come back for a second, and tell us the Reason of ur Accepted Answer.... ??
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 21

Expert Comment

ID: 11923156
I had similar kind of the problem and I refered SheharyaarSaahil's solution and it worked.
I was assuming that his answer will be accepted.
LVL 21

Expert Comment

ID: 11923167
hello LucF no offence pls nothing against you buddy.
Just a note from person who was following this thread.
LVL 32

Expert Comment

ID: 11923221
No problem pinaldave :o)

I'd be happy with a split on this question.

What might be the reason for this happening is that bargains.exe is known for a lot of disk activity (indexing of some kind?), so that entry was probably the moment the disk activity stopped when removed.
I would like to post some concerns to ShehaarSaahils posting also.

>>CoolWebShredder ==> <= I see no CoolWeb trojan here... do you?
>>Stinger >> <= I see no virus here, and certainly not one Stinger will be able to fix

>>Then Disable ur Messenger Service if its running >>
Why? Some people NEED this, like I do on my network to get notified by Inoculate IT! Leave this decision to the askers, if they mention they're having messenger popups, the best solution is a Firewall, not a disabled service!

>>3. Run the AntiVirus tool and delete all viruses it found
Do you see any virusses?

What you posted contains just TMI (too much information)
All I'm wondering about is, as you're around all the time, how hard can it be to just cut down your postings. All you added this time to your C&P is three lines.



p.s. Still, I'd be happy with a split of points, I have no objections.
LVL 65

Expert Comment

ID: 11923338
Does running CWShredder and Stinger, even if they find nothing is BAD ??
i run them weekly, even when they come as CLEAN.... but it asures me that system is really clean..... !!!!

If the person needs messenger service, he will never turn it off.... but most of the people dont know even what this service is,,,, did we know if Lovebug69 is among them or not !!!!!

but ofcourse not all people can think like this,,,, can they,,,, nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!

Every person in this world has his own rights and ways to troubleshoot a problem, and NO-ONE else has any right to criticize
him\her..... and even then, when he is not WRONG..... If u dont like a thing, its ur problem, and not of the second person's.... ur feelings and thinkings are only concerned with u,,,, why to bother the second person..... !!!!

When u can do the things which u like and how u like,,,,, he can also do.....
and when he is not saying anything to u,,,,, its NOT fair that u always go behing him and say anything to him what u want..... even when he has warned u so many times to not BOTHER him !!!!

I have my own ways and i TRUST them.... i dont care if only one person in a million dont like them..... but plzz keep ur dislikeness to urself... and leave criticizing me again and again,,,,, i dont know abt u,,, but atleast im fed of these things !!!!!!!
LVL 32

Expert Comment

ID: 11923562
It was, as in many cases meant as an "advice"
You take it or leave it, I can't care less.

Please leave out the exclamation marks against me, it looks rude.

>>nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!<<
I'm only pointing out concerns, I'm not critizising you in any way, you've been helping a lot of people around EE and I hope you keep doing so.

That's all, thanks for listening,


LVL 65

Expert Comment

ID: 11923667
>> Please leave out the exclamation marks against me, it looks rude.
ok if they look rude, then im sorry for that, will never use them again :)
LVL 32

Expert Comment

ID: 11923676
Thanks :)

Author Comment

ID: 11925505
Listen, All I wanted was some advise as to how to stop my problem, im no novice when it comes to computers, I actualy repair and work on them as a profession. Although as with all fields there are specialists in certain areas i.e. virus and spyware protection.

I am grateful for the replay I recieved, it enabled me to solve the problem on my own pc. I know about messenger service etc. and after all how many people actualy use it? apart from recieving those nasty popups if you dont have the proper firewall/ad blocking software installed. I was grateful for the advice about the amount of startup progs I have, but its down to me what i have on my pc. just sometimes you never get round to doing these things (one of the reasons I got the bloody thing in the first place was because I didnt run the anti-spyware often enough. I did however take the opertunity while i was trying to solve the problem on my pc by removing the startup entries in my registry, yes I know where they are.

Thanks LucF !
LVL 65

Expert Comment

ID: 11926485
thanx Lovebug for coming back and explaining :)
but still u have not told the MAIN thing..... was removing only that single entry solved ur Whole problem..... means all was well on ur system except that bargains.exe process :-?

Author Comment

ID: 11930158
No, i got rid of bargains.exe
LVL 65

Expert Comment

ID: 11931824
never mind,,,,, just leave it.... =\

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dell Latitude D610 will not boot up. 71 218
outlook PST max size limit 3 142
FastLynx NT Device Driver is not installed 9 118
Event ID 1054 Userenv 2 61
If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question