[Justin]

Hello!

Let me find Atribune and ask him to read that log for you. Sorry for the delay

[Advertisements]

no prob, should I remain at SP1? Should I run anyfurther scans or pre-emptive checks while Attribune checks the log?

John

[keycoachjohn]

no prob, should I remain at SP1? Should I run anyfurther scans or pre-emptive checks while Attribune checks the log?

John

[Justin]

Hiya,

Go ahead and stay at Sp1 for now. Im trying to /poke atri right now in chat.

[Justin]

Hello,

Atribune said that he does not see anything in the log.

Since you uninstalled SP2, can you please post a new HiJackThis log so I can look and see if anything new shows up?

[keycoachjohn]

Here ya go...

Logfile of HijackThis v1.99.1
Scan saved at 9:25:18 PM, on 9/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122345406622
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122347579546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Justin]

Ok I dont see anything in your log.

Have you tried using Firefox? If you use Firefox, are you getting the same refreshing problems that you have on IE?

[keycoachjohn]

Hi Justin, I'm not familiar with firefox...please expound. For kicks, I took a screen snapshot of the task manager while everthing was Idle. Look how eratic things are. It's zipped in an attachment. -John


Incidentally, this type of system activity happens with no programs open, no IE, no word, no nothing. I gotta think there's something that keeps consuming the resources although I've re-ran Panda, Ewido, Ad-aware, Spybot, HJT, etc...argh. Again, thanks for working this through.

Attached Files

•  screen_shot_idle.zip   65.92KB   79 downloads

Edited by keycoachjohn, 12 September 2005 - 12:22 AM.

[Justin]

Hello,

Sorry I didnt tell you more about firefox, it was late

You can download it here

It is a faster and more secure web browser. It is possible to transfer all of your IE bookmarks to firefox as well.

I would try it out for a day and see if it makes anything work better. While you are trying that out, I will ask around for some more ideas.

[keycoachjohn]

Hi Justin, again thanks for the suggestion...unfortunately that was the worst this thing has performed since we started t/shooting. This is my H/S daughter's computer and she's almost given up - about ready to just re-format and start over; have been trying to demonstrate how we don't need radical surgery blah blah...but after Firefox installation we couldn't launch anything. No desktop icons, no start menu line items. Had to remove while in safe mode. Back to normal (??) mode.

One commentor noted McAffey was previously installed, could there be legacy code on the registry files? Did you see the screen shot of the eratic CPU usage?

Any register files I should disable? How about in regedit?

Any good hiding spots that I've missed?

Is there a sequencing problem at startup?

At your suggestions. THanks-John

[Justin]

Hello!

Do not reformat yet!

Download AVG Free Do not install it yet.

Open Add/Remove Programs
Look for all versions of Norton AntiVirus and uninstall EVERYTHING related to Norton Antivirus. It has been known to cause a slowdown in internet and computer.

Once all norton related programs are off of your computer, reboot and install AVG Free.

Let me know if that is any better.

[keycoachjohn]

Justin, things seemed to smooth out last night after removing Norton, installing AVG. THis morning, plugged into internet and BLAM...check out the screen shot. The HD sounds like it's working overtime. I disabled a few programs last round too... a photo prog, musicmatch jukebox, spyware etc. It's acting quite badly right now.

Is 5 svchosts typical?

John

Attached Files

•  screen_shot_2.zip   67.6KB   78 downloads

[Justin]

Hello!

Multiple svchosts are normal.

We are going to try something that is kind of like a reformat, except you do NOT loose all of your files. This just repairs all of your win XP files.

Go ahead and follow the directions for the Windows XP Repair Install from this link

After completing the repair install, let me know how things are running

[keycoachjohn]

Hello, this round looks quite involved...am on biz travel for next couple of days. Will tear into it on return. Looks like we need the XP disk which unfortunately was an OEM load. Is there any value in just skipping up to XP pro ie., via upgrade?

Thanks Justin,
John

[Justin]

If they did not send you a disk, you should have a recovery parition in your hard drive.

Let me know what brand computer you have and we will be able to see if you have the partition or not.

[keycoachjohn]

Hi Justin, sorry for the long delay...biz travel you know. Anyhow, found the disk, played with the notes you linked me to and in the end, somehow boo-boo'd to where next thing I knew, warning #2 was missed; the drive was in format mode. After all the effort....! rats.

Thanks for all the tips, I tried hard to not re-load the OS, and you were very helpful...as for the OS reload- it's working great as of last night.

JE