System Slow, Hard Disk LED on continuously

Did have WinKA.exe etc running, deleted it by using HiJackThis, fixing the processes, then rebooting to Safe mode, then deleted the C:\Program Files\WindUpdate\ Folder.

However, system still slow, any ideas, here is my latest Hijackthis log.


Logfile of HijackThis v1.98.2
Scan saved at 14:19:30, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\Download\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

Who is Participating?
LucFConnect With a Mentor EMEA Server EngineerCommented:
one to add to that list to remove:
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
Hello Lovebug69 =)

Download these tools and install them:
AdAware ==>
SpyBot  ==>
SpySweeper >>
SpywareBlaster >>
CoolWebShredder ==>
Stinger >>
then Fix the following entries in Hijakcthis !!!!

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

Then Disable ur Messenger Service if its running >>
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.

Also u have so many Startup entries in Start>Run>msconfig>Startup list
u can disable the ones u dont want to start and run at startup :)

Lovebug69 ..... will u plzz come back for a second, and tell us the Reason of ur Accepted Answer.... ??
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

I had similar kind of the problem and I refered SheharyaarSaahil's solution and it worked.
I was assuming that his answer will be accepted.
hello LucF no offence pls nothing against you buddy.
Just a note from person who was following this thread.
LucFEMEA Server EngineerCommented:
No problem pinaldave :o)

I'd be happy with a split on this question.

What might be the reason for this happening is that bargains.exe is known for a lot of disk activity (indexing of some kind?), so that entry was probably the moment the disk activity stopped when removed.
I would like to post some concerns to ShehaarSaahils posting also.

>>CoolWebShredder ==> <= I see no CoolWeb trojan here... do you?
>>Stinger >> <= I see no virus here, and certainly not one Stinger will be able to fix

>>Then Disable ur Messenger Service if its running >>
Why? Some people NEED this, like I do on my network to get notified by Inoculate IT! Leave this decision to the askers, if they mention they're having messenger popups, the best solution is a Firewall, not a disabled service!

>>3. Run the AntiVirus tool and delete all viruses it found
Do you see any virusses?

What you posted contains just TMI (too much information)
All I'm wondering about is, as you're around all the time, how hard can it be to just cut down your postings. All you added this time to your C&P is three lines.



p.s. Still, I'd be happy with a split of points, I have no objections.
Does running CWShredder and Stinger, even if they find nothing is BAD ??
i run them weekly, even when they come as CLEAN.... but it asures me that system is really clean..... !!!!

If the person needs messenger service, he will never turn it off.... but most of the people dont know even what this service is,,,, did we know if Lovebug69 is among them or not !!!!!

but ofcourse not all people can think like this,,,, can they,,,, nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!

Every person in this world has his own rights and ways to troubleshoot a problem, and NO-ONE else has any right to criticize
him\her..... and even then, when he is not WRONG..... If u dont like a thing, its ur problem, and not of the second person's.... ur feelings and thinkings are only concerned with u,,,, why to bother the second person..... !!!!

When u can do the things which u like and how u like,,,,, he can also do.....
and when he is not saying anything to u,,,,, its NOT fair that u always go behing him and say anything to him what u want..... even when he has warned u so many times to not BOTHER him !!!!

I have my own ways and i TRUST them.... i dont care if only one person in a million dont like them..... but plzz keep ur dislikeness to urself... and leave criticizing me again and again,,,,, i dont know abt u,,, but atleast im fed of these things !!!!!!!
LucFEMEA Server EngineerCommented:
It was, as in many cases meant as an "advice"
You take it or leave it, I can't care less.

Please leave out the exclamation marks against me, it looks rude.

>>nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!<<
I'm only pointing out concerns, I'm not critizising you in any way, you've been helping a lot of people around EE and I hope you keep doing so.

That's all, thanks for listening,


>> Please leave out the exclamation marks against me, it looks rude.
ok if they look rude, then im sorry for that, will never use them again :)
LucFEMEA Server EngineerCommented:
Thanks :)
Lovebug69Author Commented:
Listen, All I wanted was some advise as to how to stop my problem, im no novice when it comes to computers, I actualy repair and work on them as a profession. Although as with all fields there are specialists in certain areas i.e. virus and spyware protection.

I am grateful for the replay I recieved, it enabled me to solve the problem on my own pc. I know about messenger service etc. and after all how many people actualy use it? apart from recieving those nasty popups if you dont have the proper firewall/ad blocking software installed. I was grateful for the advice about the amount of startup progs I have, but its down to me what i have on my pc. just sometimes you never get round to doing these things (one of the reasons I got the bloody thing in the first place was because I didnt run the anti-spyware often enough. I did however take the opertunity while i was trying to solve the problem on my pc by removing the startup entries in my registry, yes I know where they are.

Thanks LucF !
thanx Lovebug for coming back and explaining :)
but still u have not told the MAIN thing..... was removing only that single entry solved ur Whole problem..... means all was well on ur system except that bargains.exe process :-?
Lovebug69Author Commented:
No, i got rid of bargains.exe
never mind,,,,, just leave it.... =\
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.