|
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
System seems to boot OK but when you double click on a desktop icon instead of the programme launching the properties for that programme are displayed. Happens on all icons. This happens nine boots out of ten. Boot and shut down time also seems to be extended. Any ideas?
|
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
Sounds to me as if your mouse is playing up. What sort is it, optical or ball?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Optical, wireless but have tried hard wired original MS mouse but still same problem. Problem getting worse.
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
What happens if you right click the icon and choose Open?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Greysts, don't want to turn machine off at the moment, work to do and it took me almost two hours this morning before I could access anything - I'll try in the morning and get back to you - thanks for the suggestions.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
OK, this morning right clicked and open and the programme starts, double left click - properties box - just so annoying and a concern in case it is the start of something more serious. Any ideas?
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
Do you have any problems double clicking anything else apart from shortcuts?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Greysts, absolutely none - once it is up and running all is fine and running at top speed. Have run virus, spyware, malware and trojan scans, all negative and have used registry mechanic and ccleaner to try and make sure the registry is in reasonable shape. No problems on shutdown. Also ran bootvis and longest boot time recorded by that was 120 seconds so don't know where to go now. Any other thoughts greatfully received.
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
I still think it's the mouse. Have you tried installing the latest Logitech mouseware?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Update. Fairly positive it is not a mouse problem. Took over 2 hours to get a good boot yesterday so decided to bite the bullet and reload XP. After I did this I had network problems and all the install cds were with my son 200 miles away so used Drive Image to restore the complete C drive although the system still had the same problem when I made the original backup. Once restored the system takes ages to completely boot, 6 to 7 minutes, but once its up all icons double click fine. Have rebooted five times so far without repeat of the problem. Have minimum running at startup so now just to find out why the boot is so slow, used to boot in anything between 74 and 121 seconds according to SpeedupmyPC. I am beginning to think that it may be one of those things that just has to be put down to the wonders of XP.
Thanks for all your help and suggestions, guys.
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
6 to 7 minutes for boot up is about 5 minutes too long. If you care to post an HJT log in this thread we can have a look at what's loading at startup and suggest some remedies.
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Hi Greysts,
Sorry been away for a couple of days. HJT log below:-
Logfile of HijackThis v1.99.1
Scan saved at 15:45:36, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DAVID\Acrobat 7 Pro\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\DAVID\Proshow gold\ScsiAccess.exe
C:\DAVID\Spyware\SpywareDoctor\Spyware Doctor\sdhelp.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Wireless Device\Versato.exe
C:\Program Files\Wireless Device\MulMouse.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless Device\MagicWl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless Device\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\DAVID\Video Resources\Gama Panel\gapa.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\DAVID\Spyware\SpywareDoctor\Spyware Doctor\swdoctor.exe
C:\DAVID\Temp unzip\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\DAVID\Acrobat 7 Pro\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\DAVID\Acrobat 7 Pro\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Versato.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\MulMouse.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/075a80bf2a103e3aec15/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{42CB7AA8-4DB5-4B0F-BAF1-A6101B6228D0}: NameServer = 212.159.6.9,212.159.6.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: ScsiAccess - Unknown owner - C:\DAVID\Proshow gold\ScsiAccess.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\DAVID\Spyware\SpywareDoctor\Spyware Doctor\sdhelp.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
The first things that spring to mind are Acrobat7, QuickBooks and Finepix viewer which are all loading at startup. Do you need them all running? You've also got an out of date version of Java. First remove the old version though Add/Remove Programmes then install the latest one from here.
Just noticed Drive Image is also running. What do you use that for? The other thing is McAfee. You can see for yourself the huge number of processes that generates. Any chance you could choose a less intrusive piece of software?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
Progress. Removed Finepix and Acrobat from Startup and enabled boot timing on SpeedUpmyPC. Consistant boot time of 110 seconds. Drive Image was lurking under Services and not Startup so have set to manual. Best boot time now is 94 seconds sometimes up to 105. This is the reported boot time but desktop takes another 1.5 to 2 minutes to be operative. Was surprised how much Mcafee hooked into things, can you suggest an AV programme that is less demanding? Many thanks for your help, system is at least usable and seems more stable now.
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
Are you only using McAfee for it's anti-virus properties? If so I would consider AVG or Avast which are both free. If you decide to remove McAfee and replace it could you run another log and let me have a look?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
OK. McAfee is no more unless it is hiding somewhere. AVG installed. Thinking back, and I could be wrong, trouble started soon after, not straight after, McAfee "improved" their product. Maybe just a coincidence. HJT log below, any comments greatfully received. Many thanks.
Logfile of HijackThis v1.99.1
Scan saved at 14:08:57, on 25/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\LckFldService.exe
C:\DAVID\Proshow gold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Wireless Device\Versato.exe
C:\Program Files\Wireless Device\MulMouse.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Wireless Device\MagicWl.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Wireless Device\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\DAVID\Video Resources\Gama Panel\gapa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DAVID\Temp unzip\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\DAVID\Acrobat 7 Pro\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Versato.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\MulMouse.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\DAVID\Acrobat 7 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/075a80bf2a103e3aec15/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{42CB7AA8-4DB5-4B0F-BAF1-A6101B6228D0}: NameServer = 212.159.6.9,212.159.6.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\DAVID\Proshow gold\ScsiAccess.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\DAVID\Spyware\SpywareDoctor\Spyware Doctor\sdhelp.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
You can fix this lot with HJT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
You still seem to have a pile of Adobe Acrobat stuff running at startup. Do you need it all the time or can you call it as and when?
I don't know anything about speedupmypc.exe. Does it do what it says or is it just another thing running in the background that you don't need?
These two aren't familiar either, spampal.exe and bdoscandel.exe. Know anything about them?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
ourstanley
regular
Reg'd: Sun
Posts: 8160
Loc: Yorkshire, England
|
|
bdoscandel.exe
is a Uninstall BitDefender Online Scanner. Can be removed if not required.
spampal.exe
SpamPal is a mail classification program that can help separate your spam from the mail you really want to read.
--------------------
ESET Smart Security - Maxthon Browser - Calendar of Updates - Folding@Home - RSS Bandit - HostsMan - Malwarebytes Anti-Malware - Glary Utilities - Revo Uninstaller - Secunia PSI
|
minicat
new user
Reg'd: Fri
Posts: 13
|
|
New HJT below. Much cleaner now and no problems with boot - so far. It looks like Acrobat was bloating the registry but the real improvement came when I removed McAffee, just hooking into too many things. When software suppliers "improve" their product I rarely find an improvement, it usually just has more bells and whistles that you will rarely (never) use and and it makes increasing demand on system resources. Just a Luddite I guess and still smarting from paying £199, many years ago, for a 20Meg hard disk, heaven when most applications ran in less than 50k. End of rant. Many thanks again for all your assistance.
Logfile of HijackThis v1.99.1
Scan saved at 11:25:47, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\LckFldService.exe
C:\DAVID\Proshow gold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Wireless Device\Versato.exe
C:\Program Files\Wireless Device\MulMouse.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Wireless Device\MagicWl.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Wireless Device\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\DAVID\Video Resources\Gama Panel\gapa.exe
C:\DAVID\Temp unzip\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Versato.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\MulMouse.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DAVID\Spyware\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\DAVID\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/075a80bf2a103e3aec15/netzip/RdxIE601.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{42CB7AA8-4DB5-4B0F-BAF1-A6101B6228D0}: NameServer = 212.159.6.9,212.159.6.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{00B9B9D0-D55A-4841-8680-57BE44DD4AA4}: NameServer = 212.159.13.49,212.159.13.50
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\DAVID\Proshow gold\ScsiAccess.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\DAVID\Spyware\SpywareDoctor\Spyware Doctor\sdhelp.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
|
greysts
regular
Reg'd: Thu
Posts: 18225
Loc: Colchester
|
|
That all looks fine now apart from this line
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
I don't know the programme but it appears to be trying to run an update every time you switch on your PC. Do you need it to run at startup?
--------------------
Do you know that we're all in line for succession to the throne? Really?
Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
