# Computer Very Slow



## Ryman21 (Nov 15, 2004)

Recently, my computer began to run very slowly. It will be fine for a minute, then a second later it will go very slow, then go back to normal, and so on. I ran HijackThis and here is the log.
Logfile of HijackThis v1.98.2
Scan saved at 9:34:49 PM, on 11/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\newstartbutton.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://rd.yn.cometsystems.com/r/cc3un/4.4.2;11003718500000000115073800233;1100371835000;1100386336000/http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: TChkBHO Class - {5F04F232-F6A6-4CC6-B7DD-F65243D5F7C1} - C:\WINDOWS\system32\spjlo.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [Aobtpl] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: ConferenceRoom Java Client - http://199.236.10.2:8000/java/cr.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1815b250712d080b5500/netzip/RdxIE601.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.e2chameleon.btinternet.co.uk/scan/Msie/bitdefender.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C86E9A-8563-45ED-937C-0DDAD0115997}: NameServer = 209.226.175.224 198.235.216.110

I don't know if this helps but I hope you can help me! I have a P4 processor at 2.2 GHz, 256 MB RAM, and 40 GB....if that helps.


----------



## Ryman21 (Nov 15, 2004)

I also forgot to mention I am running Windows XP Professional.


----------



## Lorand (Nov 15, 2004)

At a first look these are the entries you can get rid of:

C:\WINDOWS\newstartbutton.exe
C:\WINDOWS\System32\??plorer.exe
O2 - BHO: TChkBHO Class - {5F04F232-F6A6-4CC6-B7DD-F65243D5F7C1} - C:\WINDOWS\system32\spjlo.dll (file missing)
O4 - HKCU\..\Run: [Aobtpl] C:\WINDOWS\System32\??plorer.exe
O16 - DPF: ConferenceRoom Java Client - http://199.236.10.2:8000/java/cr.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} - http://thesims.ea.com/teleport/hotd...otDateTeleX.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...inst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/maki...nMagicTeleX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1815b25...ip/RdxIE601.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/supe...erstarTeleX.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download....s/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unle...shedLotTeleX.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/fami...FamilyTeleX.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB

After cleaning them up, post a new log.


----------



## Praetor (Nov 15, 2004)

God, there's a lot of stuff in there that doesn't need to be there ... The .Net doesn't help things either.

*I'd get rid of this*
c:\program files\common files\symantec shared\ccevtmgr.exe
c:\windows\newstartbutton.exe
c:\program files\messenger plus! 3\msgplus.exe
c:\program files\common files\symantec shared\ccapp.exe
c:\program files\logitech\video\logitray.exe
c:\windows\system32\??plorer.exe
c:\program files\logitech\imagestudio\lowlight.exe
c:\program files\logitech\video\fxsvr2.exe
c:\program files\msn messenger\msnmsgr.exe
c:\program files\mozilla firefox\firefox.exe

*optional*
c:\program files\common files\logitech\qcdriver3\lvcoms.exe

*stuff to consider*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://rd.yn.cometsystems.com/r/cc3un/4.4.2;11003718500000000115073800233;1100371835000;1100386336000/http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: TChkBHO Class - {5F04F232-F6A6-4CC6-B7DD-F65243D5F7C1} - 

OK, most of that stuff can prolly go, and by most I mean like 80% ... OK, now that I've scrolled some more ... 90%


----------



## Imaruki (Nov 15, 2004)

You have spyware on that machine....



> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://rd.yn.cometsystems.com/r/cc3un/4.4.2;11003718500000000115073800233;1100371835000;1100386336000/http://www.yahoo.com/


comet?


----------



## Ryman21 (Nov 16, 2004)

OK...Here is my new log..Some of the things, whether it be my eyesight or I just read over it, I could not find. Also, the newstartbutton.exe...I changed my start button; however, I do not know how to change it back, so I don't want to delete it quite yet just in case. By the way, I also use the Mozilla Firefox browser so I did not delete that entry, just in case. If I should delete these, let me know.
Logfile of HijackThis v1.98.2
Scan saved at 9:28:30 PM, on 11/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\newstartbutton.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=newstartbutton.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.e2chameleon.btinternet.co.uk/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C86E9A-8563-45ED-937C-0DDAD0115997}: NameServer = 209.226.175.224 198.235.216.110


----------



## Imaruki (Nov 16, 2004)

> C:\WINDOWS\newstartbutton.exe


You customize your start button eh...anyways, it looks a lot better than last time and I've noticed that that stupid Comet crap is gone....God I hate Comet Cursor......and I see you like online freebie games too...lol


----------



## Lorand (Nov 16, 2004)

There is still a lot of useless crap on your system, but the most dangerous is this one: C:\WINDOWS\System32\??plorer.exe. You must get rid of it, so go in the system32 folder and delete it (I think its real name is 5Eplorer.exe).
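
Added example, not part of any poster's reply and not HijackThis's own logic: a small Python triage pass over logs like the ones posted above. It flags the kinds of entries the replies single out (a file name shown with `?` characters, entries marked "file missing" or "no file", a replaced shell, an ActiveX download from a bare IP address) and lists what disappeared between two scans; the rule names and the shortened sample logs are constructed from lines in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples: a handful of lines taken from the two logs in this thread.
SAMPLE_BEFORE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\newstartbutton.exe
C:\WINDOWS\System32\??plorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: TChkBHO Class - {5F04F232-F6A6-4CC6-B7DD-F65243D5F7C1} - C:\WINDOWS\system32\spjlo.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Aobtpl] C:\WINDOWS\System32\??plorer.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: ConferenceRoom Java Client - http://199.236.10.2:8000/java/cr.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
"""

SAMPLE_AFTER = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\newstartbutton.exe
C:\WINDOWS\System32\??plorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=newstartbutton.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
"""

# An entry line is a section code (R0, F2, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _host_is_ip(url):
    """True when the URL's host is a literal IP address, not a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(processes, entries):
    """Return [(rule, line)] for entries worth a closer look (heuristics only)."""
    findings = []
    for path in processes:
        # '?' is not legal in a Windows file name, so it marks characters
        # the log could not render.
        if "?" in path:
            findings.append(("unrenderable-name", path))
    for code, body in entries:
        line = f"{code} - {body}"
        if code == "O4" and "?" in body:
            findings.append(("unrenderable-name", line))
        if body.endswith(("(file missing)", "(no file)")):
            findings.append(("orphaned-entry", line))
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip().lower()
            if shell != "explorer.exe":   # default Windows XP shell
                findings.append(("non-default-shell", line))
        if code == "O16" and _host_is_ip(body.rsplit(" - ", 1)[-1]):
            findings.append(("dpf-from-ip", line))
    return findings


def removed_between(before, after):
    """Processes and entries present in the first log but gone from the second."""
    b_procs, b_entries = parse_log(before)
    a_procs, a_entries = parse_log(after)
    still_running = {p.casefold() for p in a_procs}
    still_listed = set(a_entries)
    gone = [p for p in b_procs if p.casefold() not in still_running]
    gone += [f"{c} - {b}" for c, b in b_entries if (c, b) not in still_listed]
    return gone


if __name__ == "__main__":
    for rule, line in triage(*parse_log(SAMPLE_AFTER)):
        print(f"[{rule}] {line}")
    for line in removed_between(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"[removed] {line}")
```

On the constructed pair, the `[Aobtpl]` Run entry is gone from the second scan while the `??plorer.exe` process is still listed as running, which is the situation the reply above is reacting to.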


----------



## samuelhii_mei (Nov 16, 2004)

Well, if I meet with this problem!!
I will back up my files and format it!! It will be much easier, at least less troublesome!!!


----------



## itconsultancy (Nov 16, 2004)

is Rundll32.exe spyware?


----------



## Ryman21 (Nov 16, 2004)

OK...the ??plorer.exe and 5Explorer.exe were not in the windows\system32 folder... My computer continues to go fine for 10 seconds then load up something, causing it to basically freeze for 30 seconds..When I go to my processes, the things taking up the most space are normal programs...mainly scvhost.exe and unfortunately, newstartbutton.exe....What the hell's going on!?!?....What is it "loading"?? Argghhh!


----------



## Lorand (Nov 17, 2004)

Read about that ??plorer.exe here: http://experts.about.com/q/1737/3745199.htm. That article is a bit paranoid, but I think the best thing to do is formatting the HDD if you can't delete that ??plorer.exe.
Have you tried to find it by booting in safe mode and using the command prompt?


----------



## Ryman21 (Nov 17, 2004)

About formatting my hard drive:
A) Will this basically erase everything on my computer, so when I re-install, only the things from XP will be on there and not the ??plorer.exe?
B) How do I do this...dumb question I know...But I have never done this b4..lol..


----------



## samuelhii_mei (Nov 17, 2004)

itconsultancy said:

> is Rundll32.exe spyware?

No, it isn't!


----------



## Lorand (Nov 17, 2004)

Let's give your current installation a last chance... Download the following utilities: Process Explorer and Autoruns. First run Process Explorer and kill that ??plorer.exe. After that run Autoruns and deselect the entry which starts it at startup.


----------



## Verrona (Nov 17, 2004)

The problem is that u r running Windows!! And when u mix it with Service Pack 2..... u get a horrible combination!


----------



## Imaruki (Nov 17, 2004)

Verrona said:

> The problem is that u r running Windows!! And when u mix it with Service Pack 2..... u get a horrible combination!


That's not true at all! I install SP2 on all my customers' computers and I've never had any problems with it yet.


----------



## Ryman21 (Nov 17, 2004)

OK...For Process Explorer, ??plorer.exe was not in there...all my normal progs, like Norton and...newstartbutton.exe and a lot of scvhost.exe... With Autoruns, the only things there were newstartbutton, Logitech stuff, Norton stuff and a userinit thing, whatever it is....nothing having to do with ??plorer.exe was there.


----------



## Lorand (Nov 17, 2004)

Can you post a new log? Maybe that ??plorer thing no longer loads at startup...


----------



## Ryman21 (Nov 17, 2004)

yup..here it is..
Logfile of HijackThis v1.98.2
Scan saved at 3:41:11 PM, on 11/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\newstartbutton.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=newstartbutton.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.e2chameleon.btinternet.co.uk/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C86E9A-8563-45ED-937C-0DDAD0115997}: NameServer = 209.226.175.224 198.235.216.110


----------



## Lorand (Nov 17, 2004)

It seems that it has been cured...
Do you still notice some lags?


----------



## Ryman21 (Nov 17, 2004)

Yes....And it is constantly loading something every minute or so...


----------



## Lorand (Nov 17, 2004)

Give it an online virus-scan too with Trendmicro.


----------



## Ryman21 (Nov 17, 2004)

Okee Dokee..let ya know the results when it's done,....it'll probably be a while...the damn thing lags every minute


----------



## Ryman21 (Nov 17, 2004)

Well, so far...it said it found a virus with pirate in the name or something..lol...I hope that's it!


----------



## Lorand (Nov 17, 2004)

I hope it can disinfect your system...


----------



## Ryman21 (Nov 17, 2004)

Better than Norton..Piece of crap..always says 5 adware things then I press delete and it says "Delete Failed" "Delete Failed"...it sucks..


----------



## Ryman21 (Nov 17, 2004)

OK...still no luck....is my last option reformatting my HD?? If so, how do I do it, and is it possible to keep my programs on and just restore all the defaults to everything else...I'd rather not have to re-install everything if possible


----------



## Lorand (Nov 17, 2004)

What could that thing be that slows down your computer?
Let's see if we can catch it: run Procexp (arrange its window and the columns properly to see all the processes) and wait until the next lag. Then make a screenshot and post it here.


----------



## Ryman21 (Nov 17, 2004)

OK..I took a screenshot, and even as a compressed zip file it's still too large..However, when I check the CPU usage, System Idle Process takes up 98-100% while everything else is 0 except for Process Explorer (2) and new start button (3-5)


----------



## Lorand (Nov 18, 2004)

If the Idle Process is above 90% then where's the lag?


----------



## Ryman21 (Nov 18, 2004)

You've got me there...Listen, I'm just going to reformat my HD..Let's hope that works


----------



## Praetor (Nov 18, 2004)

> If the Idle Process is above 90% then where's the lag?


Background HDD optimization. You can have 95+% Idle and the drive can chew itself to crap resulting in zero performance. I usually find this only happens if you have craploads upon craploads of nested big files (more so with AVI and other media types where the OS attempts to pre-deal with them)


----------

