Solved

System Slow, Hard Disk LED on continuously

Posted on 2004-08-27
Last Modified: 2011-10-03
Did have WinKA.exe etc running, deleted it by using HiJackThis, fixing the processes, then rebooting to Safe mode, then deleted the C:\Program Files\WindUpdate\ Folder.

However, system still slow, any ideas, here is my latest Hijackthis log.

Thanks


Logfile of HijackThis v1.98.2
Scan saved at 14:19:30, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\WDVRCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\temp\msbb.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Download\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

Question by:Lovebug69
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11912923
Hello Lovebug69 =)

Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then Fix the following entries in HijackThis !!!!

========================================================
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
========================================================

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur username\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur username\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the HijackThis scan, and post the LOG file here again.

Also u have so many Startup entries in Start>Run>msconfig>Startup list
u can disable the ones u dont want to start and run at startup :)


!! GOOD LUCK !!
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 500 total points
ID: 11912966
one to add to that list to remove:
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
0
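
Added example, not part of the original thread or any poster's code: a small parser for the HijackThis log format shown in the question. It pulls out the `O4` Run entries and notes which ones load from a temp directory and which have a matching line under "Running processes". The sample input is a shortened excerpt of the posted log, and the notes are review hints, not verdicts.

```python
import re
from ntpath import normcase  # Windows path rules on any host OS

# Excerpt of the HijackThis log posted in the question above (shortened).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\temp\msbb.exe

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
"""

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Executable is either the quoted string or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

def parse(log):
    """Return (set of running image paths, list of (hive, name, exe) Run entries)."""
    running, runs, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(normcase(line))
        elif (m := RUN_RE.match(line)):
            hive, name, cmd = m.groups()
            e = EXE_RE.match(cmd)
            runs.append((hive, name, (e.group(1) or e.group(2)) if e else cmd))
    return running, runs

def triage(log):
    """Map each Run entry name to triage notes (hints for review, not verdicts)."""
    running, runs = parse(log)
    report = {}
    for _hive, name, exe in runs:
        path = normcase(exe)
        notes = ["image in temp directory"] if re.search(r'\\te?mp\\', path) else []
        notes.append("resident" if path in running else "no matching process")
        report[name] = notes
    return report

if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(notes)}")
```
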
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11920356
Lovebug69 ..... will u plzz come back for a second, and tell us the Reason of ur Accepted Answer.... ??
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11923156
hello,
I had a similar kind of problem and I referred to SheharyaarSaahil's solution and it worked.
I was assuming that his answer will be accepted.
Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11923167
hello LucF no offence pls nothing against you buddy.
Just a note from person who was following this thread.
Regards,
---Pinal
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11923221
No problem pinaldave :o)

I'd be happy with a split on this question.

What might be the reason for this happening is that bargains.exe is known for a lot of disk activity (indexing of some kind?), so that entry was probably the moment the disk activity stopped when removed.
I would like to post some concerns about SheharyaarSaahil's posting also.

>>CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html <= I see no CoolWeb trojan here... do you?
>>Stinger >> http://vil.nai.com/vil/stinger <= I see no virus here, and certainly not one Stinger will be able to fix

>>Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
Why? Some people NEED this, like I do on my network to get notified by Inoculate IT! Leave this decision to the askers, if they mention they're having messenger popups, the best solution is a Firewall, not a disabled service!

>>3. Run the AntiVirus tool and delete all viruses it found
Do you see any viruses?

What you posted contains just TMI (too much information)
All I'm wondering about is, as you're around all the time, how hard can it be to just cut down your postings. All you added this time to your C&P is three lines.

Greetings,

LucF

p.s. Still, I'd be happy with a split of points, I have no objections.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11923338
Is running CWShredder and Stinger, even if they find nothing, BAD ??
i run them weekly, even when they come as CLEAN.... but it assures me that system is really clean..... !!!!

If the person needs messenger service, he will never turn it off.... but most of the people dont know even what this service is,,,, did we know if Lovebug69 is among them or not !!!!!

but ofcourse not all people can think like this,,,, can they,,,, nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!

Every person in this world has his own rights and ways to troubleshoot a problem, and NO-ONE else has any right to criticize him\her..... and even then, when he is not WRONG..... If u dont like a thing, its ur problem, and not of the second person's.... ur feelings and thinkings are only concerned with u,,,, why to bother the second person..... !!!!

When u can do the things which u like and how u like,,,,, he can also do.....
and when he is not saying anything to u,,,,, its NOT fair that u always go behind him and say anything to him what u want..... even when he has warned u so many times to not BOTHER him !!!!

I have my own ways and i TRUST them.... i dont care if only one person in a million dont like them..... but plzz keep ur dislikeness to urself... and leave criticizing me again and again,,,,, i dont know abt u,,, but atleast im fed of these things !!!!!!!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11923562
It was, as in many cases meant as an "advice"
You take it or leave it, I can't care less.

Please leave out the exclamation marks against me, it looks rude.

>>nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!<<
I'm only pointing out concerns, I'm not criticizing you in any way, you've been helping a lot of people around EE and I hope you keep doing so.

That's all, thanks for listening,

LucF

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11923667
>> Please leave out the exclamation marks against me, it looks rude.
ok if they look rude, then im sorry for that, will never use them again :)
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11923676
Thanks :)
0
 

Author Comment

by:Lovebug69
ID: 11925505
Listen, all I wanted was some advice as to how to stop my problem. I'm no novice when it comes to computers, I actually repair and work on them as a profession. Although as with all fields there are specialists in certain areas, i.e. virus and spyware protection.

I am grateful for the reply I received, it enabled me to solve the problem on my own PC. I know about messenger service etc. and after all how many people actually use it? Apart from receiving those nasty popups if you don't have the proper firewall/ad blocking software installed. I was grateful for the advice about the amount of startup progs I have, but it's down to me what I have on my PC. Just sometimes you never get round to doing these things (one of the reasons I got the bloody thing in the first place was because I didn't run the anti-spyware often enough). I did however take the opportunity while I was trying to solve the problem on my PC by removing the startup entries in my registry, yes I know where they are.


Thanks LucF !
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11926485
thanx Lovebug for coming back and explaining :)
but still u have not told the MAIN thing..... was removing only that single entry solved ur Whole problem..... means all was well on ur system except that bargains.exe process :-?
0
 

Author Comment

by:Lovebug69
ID: 11930158
No, i got rid of bargains.exe
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11931824
never mind,,,,, just leave it.... =\
0
