  1. #1
    Lounger
    Within the last two days (April 15 and 16) I have been having a terrible time with sporadic sluggish response to keyboard input. I will need help narrowing down the symptoms before I can ask for help with the fix!

    This can occur when Windows Task Manager shows CPU Idle Process at 99%. I have the character Repeat Delay set to minimum and Repeat Rate set to about 80%.

    Major recent changes: A couple of days ago (April 15th) Windows Update installed a rather large update on my XP Pro SP3 PC. Also I upgraded my anti-spyware program from Sunbelt Software CounterSpy 3.x to 4.x. I have Active Protection (anti-virus) disabled in CounterSpy.

    I am running Zone Alarm Anti-Virus 9.1 which consists of the classic Zone Alarm firewall plus Kaspersky AV.

    Plain ol' text entry seems consistently normal. I use ACD Systems ACDSee 10 Photo Manager. When viewing an image and zooming using the Keypad "+" key the program sometimes hesitates then does a series of zooms as though to catch up with my input.

    Sometimes when I click (or double click, whichever is required) on an item in the System Tray there is a long delay before a response- often several seconds.

    Often I cannot copy and paste using the keyboard. For example, I would like to re-send an Outlook 2007 email message I sent previously. I can Shift-Tab in the message until the cursor is in the Sent field, then I can Shift-End to highlight the date-time text. Ctrl-C does not place the text on the Windows clipboard.

    However, while writing this plea for help everything is working normally. This is disconcerting and throws a big wrench in my productivity. I photograph up-and-coming models for a hobby (retired) and the use of the PC is intensive during and after a shoot.

    When reviewing photos I put the CF card in the reader, highlight the files in Windows Explorer with Ctrl-A, then Ctrl-X to initiate a 'move' and finally Ctrl-V in the destination folder to execute the 'move'. It didn't work at all during yesterday's shoot (April 15). I looked like a rank amateur, not only in my computer mastery but of the entire process of photography! I just tried the "keyboard move" and it worked fine.

    I would appreciate ideas about narrowing down my symptoms. It seems that whatever is going on is pretty general across everything I do with the PC but is not occurring all the time!

    Thanks, - Dave


    Hardware install and data transfer complete 18 Sep 2007
    ASUS P5WDG2 WS Pro
    Core 2 Quad Q6600
    Corsair 2 ea. TWIN2X2048-6400C4 2GB Kit (1GBx2) PC26400 800MHz for 4GB
    PC Power & Cooling Silencer 750 Quad 750W
    EVGA 256-P2-N751-TR GeForce 8600 GT 256MB 128-bit GDDR3 PCIx
    HDD Drive 1 (C) WD740ADFD SATA1 74GB HD 10K RPM 16MB for OS
    HDD Drive 0 (D) Hitachi Deskstar 7K1000 SATA2 1Tb for Data
    HDD Drive 2 (E) WD740ADFD SATA1 74GB HD 10K RPM 16MB for Apps, Photoshop temp
    HDD Drive 3 (F, G, H) WD740ADFD SATA1 74GB HD 10K RPM 16MB for Web development, Windows Pagefile
    SanDisk Extreme CF card reader 1394b 800Mbs
    CF Card is SanDisk Extreme IV 4GB 45 MB/s UDMA
    1394b Adapter NitroAV NAVPCIEFW800 PCIx FireWire 800/1394b
    MS Windows XP Professional SP3 32 bit
    Monitor NEC MultiSync LCD2190 UXi

  2. #2
    2 Star Lounger Katz's Avatar
    Thanks for posting all your specs. Saves a lot of time.

    Run Hijack This, please, and post the log here. Let's see what's going on under the hood.
    2 desktops: Win XP Pro SP3 / 3 GHZ/3 GB RAM/ Firefox, Thunderbird /
    Open Office

  3. #3
    Lounger
    Hi RochelleP

    Here is the log file, attached. I had to save it as a .TXT because this BBS wouldn't let me upload a .LOG file.

    In addition to programs running I mentioned last time I have PureText for Win (x86) v2.0 (www.SteveMiller.net) and M8 Free Clipboard v12.02 (M8 Software 2007) running. Both of these do not function properly this morning. I rely on them a lot!

    Thanks!

    - Dave

  4. #4
    2 Star Lounger Katz's Avatar
    It's just a text file, can be copied and pasted. I'm copying the file and posting it here, so others can benefit.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:52:36 AM, on 4/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Util\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    E:\Util\Toggler\toggler.exe
    G:\Programs & Upgrades\Utilities\Text Management\PureText format stripper\PureText.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
    C:\Program Files\Messenger\msmsgs.exe
    E:\Util\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    E:\Util\FreeClip\FreeClip.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Ap\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Ap\Adobe\Adobe Photoshop CS3\Photoshop.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    E:\Ap\Microsoft Office\Office12\WINWORD.EXE
    E:\Util\Beyond Compare 3\BCompare.exe
    E:\Util\Siber Systems\GoodSync\GoodSync.exe
    C:\Program Files\ACD Systems\ACDSee\10.0\ACDSee10.exe
    E:\Util\Avanquest\PowerDesk\PDExplo.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno-imaging.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Util\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ap\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
    O4 - HKLM\..\Run: [sbamui] "C:\Program Files\Sunbelt Software\CounterSpy\sbamui.exe" /launch
    O4 - HKCU\..\Run: [Toggler] E:\Util\Toggler\toggler.exe
    O4 - HKCU\..\Run: [PureText] "G:\Programs & Upgrades\Utilities\Text Management\PureText format stripper\PureText.exe"

    O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\DOCUME~1\dmckeen\LOCALS~1\Temp\E_SF6F.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: FreeClip.lnk = E:\Util\FreeClip\FreeClip.exe
    O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
    O4 - Global Startup: ColorVisionStartup.lnk = E:\Util\ColorVision\Utility\ColorVisionStartup.exe

    O4 - Global Startup: Logitech SetPoint.lnk = E:\Util\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &ieSpell Options - res://E:\Util\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://E:\Util\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Ap\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://E:\Util\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://E:\Util\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Util\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Util\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Util\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Util\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Ap\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199205701734
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Util\MATCO\DirmsService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Util\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Util\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - E:\Util\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    1--First check the box in front of the ones I marked in red. You don't need all of those starting with every boot.
    There's also one green entry.

    2--What is SoundMax? Do you need it starting with the bootup or can you start it later?

    3--Ditto on MacroVision.

    4--What kind of back up are you doing in Nero?

    4--Delete this file from your computer:
    C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    5--Reboot, download Malwarebytes AntiSpyware and run it. Copy and paste the log here.
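A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section-coded lines, flags entries that HijackThis itself reports as orphaned ("(no file)", "(file missing)") or unattributed ("Unknown owner"), and goes a step further by comparing the autostart (O4) entries of two scans. The sample lines are excerpts of the two HijackThis logs in this thread; the function names are hypothetical.

```python
import re

# HijackThis v2 section codes that appear in the logs in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "O2": "Browser Helper Object", "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service", "O24": "Active Desktop component",
}
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Sample input: excerpts of the first scan (BEFORE) and the later re-scan (AFTER).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno-imaging.com/
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "E:\Ap\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Toggler] E:\Util\Toggler\toggler.exe
O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Util\MATCO\DirmsService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""
AFTER = r"""O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O4 - HKCU\..\Run: [Toggler] E:\Util\Toggler\toggler.exe
O4 - Startup: AutorunsDisabled
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""


def parse_log(text):
    """Return one dict per section-coded line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in SECTIONS:
            continue
        code, body = m.groups()
        entry = {"code": code, "kind": SECTIONS[code], "body": body}
        if code == "O23" and body.startswith("Service: "):
            # Layout is "Service: <name> - <owner> - <path>". Splitting from the
            # right keeps a " - " inside the display name in the name field.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["service"], entry["owner"], entry["path"] = parts
        entries.append(entry)
    return entries


def triage(entries):
    """Flag entries that HijackThis itself reports as orphaned or unattributed."""
    findings = []
    for e in entries:
        reasons = []
        if e["body"].endswith("(no file)"):
            reasons.append("registration points at no file")
        if e["body"].endswith("(file missing)"):
            reasons.append("target file is missing from disk")
        if e.get("owner") == "Unknown owner":
            reasons.append("no publisher read for the service binary")
        if reasons:
            findings.append((e["code"], e["body"], reasons))
    return findings


def startup_diff(before, after):
    """Return (removed, added) O4 autostart entries between two parsed scans."""
    old = {e["body"] for e in before if e["code"] == "O4"}
    new = {e["body"] for e in after if e["code"] == "O4"}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    for code, body, reasons in triage(first):
        print(f"[{code}] {body}\n      -> " + "; ".join(reasons))
    removed, added = startup_diff(first, second)
    print("autostarts removed:", removed)
    print("autostarts added:  ", added)
```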

  5. #5
    Lounger
    Hi Rochelle,

    Thanks! I have a lot of house cleaning to do. I will tackle it first thing in the morning.

    This morning I had the symptoms I described earlier then during a photo shoot today all was normal. But it's obvious the system needs work.

    First a couple of questions:
    * Where you say "First check the box in front of the ones I marked in red.", where do I find the check boxes? In Autoruns? System Configuration (config.sys)?
    * Should I disable the green entry? Or do it alone first to see if disabling it breaks anything?

    And answers:
    *SoundMax is the integrated sound electronics on the motherboard. It would be best for me if it started on bootup.
    *I'm not using Nero Backup. I can disable that entry.

    - Dave

  6. #6
    Lounger
    When Windows started this morning ZoneAlarm AV reported that its AV engine had stopped - would I like to re-start it? (Yes.) Outlook 2007 failed to start. It complained of a plug-in and advised I remove it. So I went directly to Malwarebytes' site and ran a full scan. I will work on disabling the startups next. Here is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4003

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/18/2010 8:49:55 AM
    mbam-log-2010-04-18 (08-49-55).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 498827
    Time elapsed: 1 hour(s), 4 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    G:\Programs & Upgrades\Multimedia\Codecs\avicodecpack.com\AVICodecPackLite3.exe (Adware.Webdir) -> Quarantined and deleted successfully.
    - - - - - - - - - - - - - -

    By the way, cutting and pasting is working fine! Now to see if I can replace CounterSpy with the paid version of Malwarebytes.

    - Dave

  7. #7
    2 Star Lounger Katz's Avatar
    * Where you say "First check the box in front of the ones I marked in red.", where do I find the check boxes?

    In Hijack This. Checking the box disables. Don't use Autoruns unless you're a real techie. A lot of the Windows stuff in there can really bollux you up, and the non-Windows programs can be found in Hijack This or WinPatrol.

    * Should I disable the green entry? Or do it alone first to see if disabling it breaks anything?

    Check the box in front of it. That disables it.


    *I'm not using Nero Backup. I can disable that entry.
    Or uninstall it if it's separate from Nero.

  8. #8
    2 Star Lounger Katz's Avatar
    By the way, cutting and pasting is working fine! Now to see if I can replace CounterSpy with the paid version of Malwarebytes.

    You have an unusual set of security programs. Might want to know ESET NOD rated on top at the Maximum PC indep lab tests this month. It's a full suite. But if you choose a suite, I would still run the free MBAM on demand regularly. It catches almost everything. This was their list, not yet on their website. They rated only suites:

    1. Norton Internet Security 2010
    2. ESET Smart Security 4
    3. Avira Antivir Free Edition
    4. Microsoft Security Essentials (I disagree on this)
    5. AVAST! Internet Security
    6. McAfee Internet Security 2010
    7. Trend Micro Internet Security Pro 3.0
    8. Bitdefender Internet Security 2010
    9. Panda Internet Security 2010
    10. Comodo Internet Security Pro

    But you also had a number of other Windows functions acting badly. Report back to me on those.


    If I stopped anything in the startup that you feel should be started at bootup, go into Run>msconfig>Startup and restart it. I'm not accustomed to dealing with computers of photographers. But keep the startup to a minimum.

  9. #9
    2 Star Lounger Katz's Avatar
    If you need a diff codec pack, try K-lite.

  10. #10
    Lounger
    I will look into ESET NOD. Thanks for those resources. I got started with Zone Alarm because of the firewall they started out with when there wasn't anything as good out there. Their AV is Kaspersky which, up until now, has been pretty good. I don't remember how I came upon CounterSpy (Sunbelt Software), but I'm pretty much fed up with them.

    Yeah, I'm still having delayed response (5-10 sec) opening up icons in the system tray. And keyboard copying and pasting of text is sometimes impossible. However I just did a keyboard cut and paste of files from one folder to another in Windows Explorer and that worked fine. I will get into Autoruns and disable the startups you marked in red (above).

    What were you referring to when you said to check the boxes in front of the startup entries you highlighted?

    Thanks, - Dave

  11. #11
    Lounge VIP bobprimak's Avatar
    These lists which rank AV products and suites seem to shift the positions of the major vendors every time they appear. It does not matter whether your AV choice is Number One or Number Twenty. If it passes muster in independent lab tests, chances are it is plenty good. Microsoft Security Essentials has passed these tests. The important thing to do is to make sure you have a good AV, a secondary spyware detector scanner, and a good firewall (or good knowledge of both the inbound and outbound Windows Firewall controls -- for Vista and Windows 7 users only). Suites combine these features under a single user interface. MSE has no advanced heuristics countermeasures, so supplementing it with PC Tools Threatfire may be wise. Maximum PC is really big on lists, but enumerating adds nothing to the factual discussion.

    Dave, just replace CounterSpy with Malwarebytes, and you're golden.

    If startups are a concern, CCleaner (freeware) includes a Startups utility which is much simpler to use than Autoruns. It has checkboxes just like Microsoft's MSConfig Startups tab, and you simply use the CCleaner Disable button to turn off any Startup you can see. Windows will not be damaged by doing this.
    -- Bob Primak --

  12. #12
    Lounger
    Rochelle,

    Sorry, I missed where you said where to find the check boxes. I found them in Hijack This, but there were a few startups I didn't want to check because I didn't know how to get them back in Hijack This. Here they are. I unchecked them in Autoruns.

    O4 - HKCU\..\Run: [Toggler] E:\Util\Toggler\toggler.exe

    Alerts me when I inadvertently hit Insert, Caps Lock or Num Lock. Disables right Windows key. (I'm in Photoshop a lot and use the right Alt key constantly. I frequently hit the right Windows key accidentally which causes actions that throw off my workflow.)

    Note: Toggler found a way to get itself on the startup list again! There are now two entries in Autoruns for Toggler; one checked and one not checked. I stopped Toggler while using the system to check for symptoms.

    O4 - HKCU\..\Run: [PureText] "G:\Programs & Upgrades\Utilities\Text Management\PureText format stripper\PureText.exe"

    Strips formatting from text for pasting into Word, etc.

    O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\DOCUME~1\dmckeen\LOCALS~1\Temp\E_SF6F.tmp" /EF "HKCU"

    Epson Status Monitor 3 for the Epson Stylus Photo R280 Series of inkjet printers.

    O4 - Startup: Microsoft Office Outlook 2007.lnk = ?

    Starts Outlook 2007

    O4 - Global Startup: ColorVisionstartup.lnk = E:\Util\ColorVision\Utility\ColorVisionstartup.exe

    Monitor calibration (calibrates lookup table in video card)

    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    I rely heavily on Windows Search to locate email threads.

    O4 - Startup: FreeClip.lnk = E:\Util\FreeClip\FreeClip.exe

    Not highlighted in red, but a possible suspect.

    I had been using keyboard combination Ctrl-Alt-V to activate FreeClip. I recently became aware that this key combination is already in use by Windows. Maybe the conflict was there. When I restore FreeClip I will use a different key combination.

    Here is the Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:18:49 PM, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Util\Java\jre6\bin\jqs.exe
    E:\Util\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Ap\Microsoft Office\Office12\WINWORD.EXE
    E:\Ap\MICROS~1\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno-imaging.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Util\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Toggler] E:\Util\Toggler\toggler.exe
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Util\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &ieSpell Options - res://E:\Util\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://E:\Util\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Ap\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://E:\Util\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://E:\Util\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Util\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Util\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Util\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Util\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Ap\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199205701734
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Util\MATCO\DirmsService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Util\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Util\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - E:\Util\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 8539 bytes

    - Dave
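    An added example, not part of the original post or of HijackThis itself: a short Python triage of the log format above that groups entries by section code and surfaces the markers HijackThis prints for entries worth a closer look. The section descriptions, hint labels and function names are this example's own, and the sample lines are copied from the log above.

```python
import re

# Section codes that appear in the log above (descriptions are this example's).
SECTIONS = {"O4": "autostart entry", "O8": "IE context-menu item",
            "O9": "IE button or Tools menu item", "O16": "ActiveX control",
            "O23": "Windows service", "O24": "Active Desktop component"}
LINE_RE = re.compile(r"^\s*(O\d+) - (.+?)\s*$")
# Markers HijackThis itself prints; each is a prompt to look closer, not a verdict.
HINTS = {
    "target file not found": re.compile(r"\((?:file missing|no file)\)"),
    "owner reported as unknown": re.compile(r"- Unknown owner -"),
    "entry has no display name": re.compile(r"\(no name\)"),
}

def parse_hjt(text):
    """Return one dict per 'O<n> - ...' line; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, '--', 'End of file - N bytes'
        code, detail = m.groups()
        entry = {"code": code, "section": SECTIONS.get(code, "other"), "detail": detail,
                 "hints": [h for h, rx in HINTS.items() if rx.search(detail)]}
        if code == "O23" and detail.startswith("Service: "):
            # Service: <name> - <owner> - <path>; split from the right, names may hold ' - '.
            parts = detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["service"], entry["owner"], entry["path"] = parts
        entries.append(entry)
    return entries

def needs_review(entries):
    """Entries carrying at least one hint, in log order."""
    return [e for e in entries if e["hints"]]

# Lines copied from the log above.
SAMPLE = r"""
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Util\ieSpell\iespell.dll
O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Util\MATCO\DirmsService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
End of file - 8539 bytes
"""

if __name__ == "__main__":
    for e in needs_review(parse_hjt(SAMPLE)):
        print(f'{e["code"]:<4}{e["section"]}: {e["detail"]} -> {", ".join(e["hints"])}')
```
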

  13. #13
    Lounger
    Bob P,

    Thanks for the input. I should have remembered that there is a startup manager in CCleaner. I will stick with that one!

    I appreciate the word on AV, spyware and firewalls. I'll likely stick with ZoneAlarm AV (Kaspersky) and switch from CounterSpy to Malwarebytes paid spyware program.

    - Dave

  14. #14
    2 Star Lounger Katz's Avatar
    Join Date
    Feb 2010
    Location
    NYS
    Posts
    169
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote: Originally posted by Bob Primak
    These lists which rank AV products and suites seem to shift the positions of the major vendors every time they appear. It does not matter whether your AV choice is Number One or Number Twenty. If it passes muster in independent lab tests, chances are it is plenty good.
    The article isn't yet on their website, so I can't quote details right now. The ones lower on the list did NOT pass muster. The percentage of either uncaught viruses or the difficulty configuring the program rises as you go down the list.

    There's also the recent test by VirusBulletin, which was quoted in several magazines. Yes, all A-V's miss some stuff, but some miss more than others. Checking regularly with MBAM is always a good idea.
    I've also had A-V programs whose configuration drove me up the wall, and I'm no newbie.
    2 desktops: Win XP Pro SP3 / 3 GHZ/3 GB RAM/ Firefox, Thunderbird /
    Open Office

  15. #15
    2 Star Lounger Katz's Avatar
    Note: Toggler found a way to get itself on the startup list again! There are now two entries in Autoruns for Toggler; one checked and one not checked. I stopped Toggler while using the system to check for symptoms.

    I don't think that little utility uses a lot of resources. And it probably reinserts itself from an option you checked in the program itself. Don't worry about it.

    I wasn't familiar with every program, so choosing some over others is fine. I thought FreeClip was like Clipmate, which I keep running all the time. But you don't need the 2 Adobe entries running in the background. Check the O4 boxes there. Otherwise it looks good.

    Bob is right about CCleaner, but I initially wanted to see possible malware entries in HJT. CCleaner is fine on a roughly weekly basis in Scheduled Tasks.

    Are you still confused about where to check the boxes? When HJT makes its log, there's a checkbox in front of each entry. You can stop entries there. Msconfig>Startup works the opposite way. Checks are the ones you keep.

    So how are your other Windows functions running now without the malware? Smoothly?
    2 desktops: Win XP Pro SP3 / 3 GHZ/3 GB RAM/ Firefox, Thunderbird /
    Open Office
