Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Computer running very slow

  • Please log in to reply

POC Computer

POC Computer


  • Member
  • PipPip
  • 94 posts
I recently started using eBay, that's when I first noticed my computer running more slowly, so I'm a little concerned about the safety of my personal information. I'm not sure if I'm being hijacked or not, but all of my spyware programs have turned up abosolutely nothing on their scans (Spybot- Search and Destroy, Ad-Aware, and Ewido.) I've attached a Hijack this logfile, think you can help?
Much appreciated,
-POC Computer

Logfile of HijackThis v1.99.1
Scan saved at 9:37:01 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bassler14\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simpson.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Happy Place
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: www.ewido.net
O15 - Trusted Zone: www.geekstogo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129091094750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by POC Computer, 06 March 2006 - 09:34 AM.

  • 0




    Retired Staff

  • Retired Staff
  • 11,365 posts
I'm sorry, but we never help people who post hijackthis logs in this forum when we didn't ask them to. Posting hijackthis logs in this forum (as opposed to malware) is forebidden. Sometimes, we ASK users to ATTACH hijack logs, but that was not the case here

We have dispatched several trusted techs to your home and where they will immediated raid your refrigerator and watch tv with their feet up on the couch.

Woh unto you....you have brought this on yourself with your flagrant disregard for the rules.

While you are waiting for them to arrive

start > run, type

Right click application and choose CLEAR ALL EVENTS, do not save the log
Right click system and choose CLEAR ALL EVENTS, do not save the log

Reboot. Work with the computer for 15 minutes or so

start > run, type

Look under systems and applications for items with red Xs that happened at the SAME time as your problem...list them here.

Download Process Explorer from Sysinternals

Extract, run.Go to VIEW > SHOW Fractional CPU usage
Make sure it is checked.

Look in the CPU column and relate what is consuming your CPU time

If you can a screencapture would be useful
  • 0

POC Computer

POC Computer


  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I don't know where I went wrong. I've been outcast by society, doomed to live in world of couches disgracefully stained with dirty footprints and a refrigerator devoid of all condiments...it is a dark day indeed! Anyway......

I only had one red x, listed below:
Error 3/6/2006 11:00:59 AM Print None 19 SYSTEM CHRIS4176

I also had one with a warning sign, listed below:
Warning 3/6/2006 12:02:35 PM Dhcp None 1003 N/A CHRIS4176

I wasn't sure what you wanted me to check for, but here is a read out of my fractional CPU usage:

Process PID CPU Description Company Name
ZCfgSvc.exe 2576 ZeroCfgSvc MFC Application Intel Corporation
explorer.exe 2764 Windows Explorer Microsoft Corporation
jusched.exe 3136 Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc.
PCMService.exe 3148 PowerCinema Resident Program for Dell CyberLink Corp.
DVDLauncher.exe 3156 CyberLink PowerCinema Resident Program CyberLink Corp.
tfswctrl.exe 3192 Drive Letter Access Component Sonic Solutions
dlbtbmgr.exe 3200 Dell Dell 922 Button Manager
dlbtbmon.exe 3244 Dell Dell 922 Button Monitor
ccApp.exe 3208 Common Client User Session Symantec Corporation
VPTray.exe 3228 Symantec AntiVirus Symantec Corporation
qttask.exe 3236 QuickTime Task Apple Computer, Inc.
realsched.exe 3268 RealNetworks Scheduler RealNetworks, Inc.
iTunesHelper.exe 3284 iTunesHelper Module Apple Computer, Inc.
DSAgnt.exe 3292 Dell Support Gteko Ltd.
ctfmon.exe 3340 CTF Loader Microsoft Corporation
aoltray.exe 3420 AOL Tray Icon America Online, Inc.
CCAAgent.exe 3480 Clean Access Agent Cisco Systems, Inc
firefox.exe 3828 Firefox Mozilla
procexp.exe 1600 Sysinternals Process Explorer Sysinternals

Hope this helps!
  • 0

POC Computer

POC Computer


  • Topic Starter
  • Member
  • PipPip
  • 94 posts
So.....I guess you can't help me anymore? :tazz: It's never taken anywhere near this long to get help before so either you're VERY busy, or you refuse to help me because I accidentally posted a hijack this log without being requested to. :) If this is the case, why did you ask me to post my findings? Anyway I'm seeking help elsewhere so you can consider this case CLOSED!
  • 0



    Retired Staff

  • Retired Staff
  • 11,365 posts
dude, just relax

Wouldn't have asked if I wasn't going to help, but as you can see, there are HUNDREDS of people looking for help every day and threads disappear from the front page within hours...Been very busy--this may come as a shock, but we are all volunteers and sometimes, we loose track of threads

Your PC actually looks pretty solid, so I am curious as to what is going on

DId you check SHOW FRACTIONAL CPU, because it is not showing in the processexplorer log you showed.

What do YOU see in the window?
  • 0

POC Computer

POC Computer


  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I'm not sure what's going on either, but for some reason things are speeding back up. Spybot suddenly detected a windows security disable. I fixed it and tings are running fine. It doesn't seem to make sense though, why would that eat up CPU usage. Before when things were none responsive and I checked the task manager my CPU was up to 100%, but now it's not?!? :tazz: Not sure what happened, but things are actually fine now. Do you think I shold keep looking for a problem?
*As a side note, I've been having troubles with the google toolbar on my Mozilla Firefox. Could it be related?

Edited by POC Computer, 08 March 2006 - 03:13 PM.

  • 0



    Retired Staff

  • Retired Staff
  • 11,365 posts
what was the spybot error?

Was it the DCOM error...spybot will sometimes erroneously detect an error when there is not one

As for what may be going on....a guess

the index.dat file used by IE may have been corrupt or pointing to a corrupt file. this can lead to teh 100 percent cpu usage issue

As you surf the web, IE purges the temporary internet cache, and may have deleted the corrupt file on its own...freeing up index.dat

For the google issue...

Did you update firefix when it went to 1.5? If so, remove the googletoolbar in add/remove and then reinstall
  • 0

POC Computer

POC Computer


  • Topic Starter
  • Member
  • PipPip
  • 94 posts
So I have no idea what type of error it was (except that it said Windows Security Disable Notify) and I also have no idea what DCOM means or how to determine it. I'm not very computer savy.

I reinstalled Mozilla and the toolbar works great! THANKS!

Concerning my previous 100% CPU problem, is there anything I can still do to determine if it's fixed? PLEASE be as descriptive and basic in your descriptions of what to do and what to look for as possible because otherwise I probably won't know what you're talking about!

Edited by POC Computer, 09 March 2006 - 11:24 AM.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP