Hijack this log.

bkribbs

New Member
My computer is really slowing down. Does all of this look ok?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:45 PM, on 5/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Benton\Desktop\New Folder\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB6DC47-B9F4-4476-8E91-2B0A9CFCD705}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{84CEBB82-26DD-4FA3-86E9-0417F020462D}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CB6DC47-B9F4-4476-8E91-2B0A9CFCD705}: NameServer = 209.18.47.61,209.18.47.62
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 5287 bytes
 
What is
"O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE"

Google has returned confusing answers. I don't know if I need it starting. But my major concern is if there is a virus or anything you all see.
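Added example, not part of the original thread: a minimal Python triage of the HijackThis format shown in the log above. It parses the `Running processes:` block and the `O4` Run-key entries, and for a Run value that is only a file name (as with `[PMX Daemon] ICO.EXE`) looks up which running image carries that name. The sample input is a few lines taken from the posted log, and the function names are made up for this example.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: a few lines taken from the log posted above (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TightVNC\WinVNC.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "<code> - <body>"
RUN = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse(log):
    """Return (running process paths, {section code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY.match(line)
            if m:
                entries[m.group(1)].append(m.group(2))
    return processes, entries


def executable(cmd):
    """Pull the program out of a Run command line (quoted, or up to .exe)."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage_run_entries(log):
    """For each O4 Run-key entry: (value name, executable, status, candidates)."""
    processes, entries = parse(log)
    by_name = defaultdict(list)
    for path in processes:
        by_name[ntpath.basename(path).lower()].append(path)
    findings = []
    for body in entries["O4"]:
        m = RUN.match(body)
        if not m:
            continue  # Startup-folder shortcuts are not Run-key values
        exe = executable(m["cmd"])
        if ntpath.isabs(exe):
            status, candidates = "full path", [exe]
        else:
            candidates = by_name.get(exe.lower(), [])
            status = ("bare name, found in process list" if candidates
                      else "bare name, not running")
        findings.append((m["name"], exe, status, candidates))
    return findings


if __name__ == "__main__":
    for finding in triage_run_entries(SAMPLE_LOG):
        print(finding)
```

A name match only shows which running image has that name; checking the file on disk (path, publisher, hash) is still a separate step.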
 
What do you mean by "slowing down" - do all programs take longer to load, the desktop hangs/becomes unresponsive, or is it just certain ones - or just your browsing speed?

ICO.exe appears to be related to your mouse - provides added features I assume - you should be fine without it. Same goes for the APoint stuff - do you have some sort of special mouse? If not, I'd uninstall all that crap.

I've also suggested in the past that you disable that Apple crap - just b/c you want to use your iPod doesn't mean you need the programs running at startup and idling in the background hogging your memory the whole time the computer is on. Same goes for the VNC server and the Brother software. If you're not using it the whole time your computer is on, why do you need it running the whole time your computer is on?

As for the virus check - I'm assuming your Malwarebytes and MS Security Essentials are up to date? I would hope that they would have caught any nasties if so...

Let's try this: Go to msconfig, disable all of your Startup processes, then disable all of your Services (once you've hidden all Microsoft services), then reboot. As soon as your computer starts up, check msconfig again, and see if anything has "re-enabled" itself, and then check your process list in task manager (ctrl+alt+del) to see what's running. Post back with your idle CPU usage and any processes using over 10,000K memory. Then we'll start re-enabling your startup services/processes as they are needed.

If you are good there, when is the last time you ran CCleaner? How about defragmented your HDD? I prefer Auslogics. How full is your HDD? Do you have other devices hooked into the computer via USB/firewire/etc?

Also, go to Start-->Accessories-->System Tools-->System Information and make sure that all of your RAM is being recognized
 
I will disable the mouse stuff, but I want the apple, vnc, and brother starting up. My virus stuff is up to date, and I ran ccleaner yesterday. I will try a defrag. And when I said it is slow, I mean it will freeze for a few seconds randomly. I will do the rest of the stuff that you suggested later. Thanks

I have half (40 gigs) of my hdd empty. I have just my wireless mouse and monitor plugged in.

Defragging now. Also, it is picking up all of my RAM.
 
I will disable the mouse stuff, but I want the apple, vnc, and brother starting up.
If you insist. But it wouldn't hurt to disable everything for just one reboot to see if that's contributing to your problem - can you give us a list of processes that are using more than 10,000K?

Also, if you are using a wireless mouse, you may need the mouse stuff running...

What other kind of hardware do you have plugged in? And does it freeze using any certain programs, or just anything?

My Firefox starts to get "real choppy" after I've had it running for a while - it has "memory leaks" - the longer you keep it open and the more pages you visit (I often have 10+ tabs open at once), the more memory it tends to use...for example, right now it's using 75,000K... now I copy and paste my reply into Notepad, and restart Firefox... and it's using 24,000K :rolleyes: Still a good browser though...

Checking your process list in task manager is a really handy way to see what's eating up your memory...

[edit] by the time I posted my reply, Firefox was up to nearly 40,000 K... I might look into Opera... :P [/edit]
 
Actually, the mouse stuff is because I have problems with the touchpad mouse. But, I don't typically use it anyways, so nbd. The only hardware I have is my mouse and external monitor.

On an extra note, consider Google Chrome as a browser. I like it. Opera is good too.

My over 10k list:
MsMpEng.exe -Microsoft security essentials
chrome.exe (on there 4 times. I have no idea why. I know each tab has a separate process, but I only have three tabs open?)
svchost.exe (twice)
explorer.exe
BrMfcWnd.exe -status monitor for the brother printer
usually msseces.exe is but it isn't right now. it is at 8k
 
Well, I would disable the Brother stuff, but you don't want to so IDK what to tell you.

I would also disable the active scanning in Microsoft Security Essentials - I would just scan with it manually if you fear that you may have become infected (I don't even use an antivirus/antimalware, and I haven't been infected in nearly ten years).

svchost could be any number of things - I would check under Control Panel-->Administrative Tools-->Services and disable any you don't need.

How much is Chrome using? Also, do you have any other hardware connected to the computer? Have you looked under Device Manager to see if you have any hardware errors? Did the defrag help anything?

You said that it's really "slowing down" - so, it was running great before? What have you installed? Hardware or software? Surely something has changed?
 
Well I put in 2 gigs of RAM, and that helped. But it seems like it's slowing down. I have to have the Microsoft Security running, because I use my flashdrive at school, so it literally always gets a virus from there. So far it has stopped my computer from getting infected 3 times. There is no other hardware. The defrag actually may have done it. And how do I tell which svchost's I can disable?
 
I have to have the Microsoft Security running, because I use my flashdrive at school, so it literally always gets a virus from there.
That doesn't make sense. Are you telling me that the school's computers are so infected that viruses/malware just jump right off of the computers onto your flashdrive? LMAO! I'm sure it's possible, but I've never seen anything like that in 15 years of removing computer viruses. And even then, if your computer is set up properly, nothing would be able to install itself automatically from the flash drive to your computer. You would have to run something or have Autoplay enabled...

But whatever - if you want programs running in the background, then you're going to pay for it with memory usage, and there is just no getting around that. If I had a 1.7GHz computer, the only thing I would allow to run in the background would be vital Windows processes.

Can you give us an idea of how slow it's actually running? On my 2.8GHz/1GB RAM Win 7 box it takes just over 2 seconds for Firefox to load. CCleaner loads in less than a second. Firefox loads in about 3 seconds on my 2.0GHz/1GB RAM Slackware 13.0 box (under Fluxbox)...

As for disabling Microsoft services, just scroll through the list under Control Panel->Administrative Options->Services... it gives you pretty detailed information on each one. Put them in order so that the ones that start up automatically are all together, then go through it... there won't be many that you should disable - I usually take out Messenger and a few others I think... On second thought, maybe you shouldn't mess around in there... ;)

If you want to go through msconfig and tell me everything that is checked, I can tell you what I would uncheck - but if you want crap like that Apple software running in the background, then you are going to pay for it with memory usage...

The defragment should have helped - did you use the Auslogics Disk Defragmenter? It does a much better job than the Windows utility.
 
How does one defragmenter work better than another?
 
Not 100% positive, but I've used both, and the Auslogics gave me better results. It's all about the algorithm. :P

I see that you've started a thread on the matter, and it's a damn good question. I asked on Yahoo! Answers - still awaiting results... :P

The Windows Defrag works fine, and for a long time I never used anything else. But after seeing so many people recommend Auslogics on this forum, I decided to give it a shot. And I was very impressed! It ran a lot faster and I like the GUI a lot better, and it seemed like everything ran a lot more smoothly after running it - but of course, that might just be my imagination... try it out and see what you think...
 
That actually wasn't me. I have found from experience, Yahoo! Answers sucks. You are on the front page for 15 seconds. You will have had 90% of your answers submitted in the next 30 seconds. So I gave up on it.
 
Really? I've had nothing but positive experiences with it, both as an asker and an answerer. If you look under the different categories, and look at only unanswered questions, you can find a lot of questions to answer.

BTW, I got a good answer in about five minutes of asking it:

Yahoo! Answers said:
Any defrag program results in the exact same thing... a more linear hard-disk which improves the lookup process of the computer.

The main difference some of these programs may have are their special features.. A program such as SmartDefrag has an ongoing defragmentation as a background process, which results in a more linear disk and does not require the long defrag every week.

Some of these programs also offer more specialized defrag's, such as a quick defrag which skips some non-essentials and only defrags the Windows folder for example.

All in all, they all function and result in the same thing - however some 3rd party programs offer more customization and some special features.

Kyle
 
Hm. That's actually a pretty informative post. Maybe they just don't like me? But, I did download, Auglostics-however you spell it- and I will try it out later.

Thanks for all of your help!

Bkribbs
 