Windows freezing causing it to run very slow

[Guest]

Ok, it may sound weird, but the best way I can describe my problem with
Windows XP is as following: It freezes and starts to work again many times
per second.

This gives the following symptoms of this kind of "windows-sickness":

* When playing ANY sound on the system, playing sounds like coming from
under water, because it stops and restarts many times per second, causing ANY
sound to take about 4 times as long to play.

*System is also about 4 times as slow, exept when using the hard disk, it is
even much slower.


The problem started after I had to REINSTALL windows because of a totally
different problem. The system worked fine for som days, then one day it
suddenly had gone totally slow. It was really suddenly.

The windows has very few, and only trusted program installed. It should be
healthy, due to newly reinstallment of Windows XP.

To try solve the problem I have done as following:

* I have run really heavy defragmentation of the hard disk, using a special
tool, so as to get windows have easy access to all files.

* Used a program called "Advanced Windows Care 2 Professional" to get rid of
any problem with Registery, startup items, spyware and security. It reports
to have found and fixed all problems.

Still this problem continue.

I have an Acer Aspire Computer, Intel Core Duo T2050 1.6 GHz, 1 GB DDR2 RAM,
120 GB HDD wich has lots of free space.


The CPU usage is almost constant very low, so the problem is not here.

The page file is at 1024 MB. I have tried different sizes, but it does not
affect the performance. Number of processes, 76, none are untrusted.

To put the symptoms this problem has on me: it drives me crazy, sorry.

Hope anyone can help.

Thank you for any help...

 

[Guest]

Please tell if this is not the right forum.

I have read that it can help to remove messenger live and msn, because they
are not stable programs, so now i have removed these program.

But the problems is still unsolved.

Another symptom I didn't mention is that when windows desktop and its icons
are finished loading, the system comletely freezes for 2 - 3 minutes. I can
move the cursor thou, but I can't start any programs. After the freeze, the
icons on status bar besides the clock starts to load, and I can then get
programs to start.

Beside this, the problems mentioned in the last posting remains.

Hope someone can help.

Thank you.

 

[Gerry Cornell]

Advanced Windows Care 2 Professional could be the problem. These type
of product camn have the opposite affect to what you would like. If it
was supposed to clean up your start-up then having 76 running
processes is a strange outcome. The optimising option and it's messing
with the registry are potentiall likely to cause problems.

Look in the system and application logs for Warning and Error Reports
in Event Viewer for the last boot and post copies here. Disregard
Information Reports.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event Viewer.
Now start your message (email) and do a paste into the body of the
message. Make sure this is the first paste after exiting from Event
Viewer.

Your 76 processes should be above or below 50. Install and run
HijackThis:
Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

This programme produces a list of running process which you can post
here. Please do not post the remainder as this part is intended for
detecting malware and it is customary to post these to a specialist
forum for analysis.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

Advanced Windows Care 2 Professional could be the problem. These type
of product camn have the opposite affect to what you would like. If it
was supposed to clean up your start-up then having 76 running
processes is a strange outcome. The optimising option and it's messing
with the registry are potentiall likely to cause problems.

Look in the system and application logs for Warning and Error Reports
in Event Viewer for the last boot and post copies here. Disregard
Information Reports.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event Viewer.
Now start your message (email) and do a paste into the body of the
message. Make sure this is the first paste after exiting from Event
Viewer.

Your 76 processes should be above or below 50. Install and run
HijackThis:
Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

This programme produces a list of running process which you can post
here. Please do not post the remainder as this part is intended for
detecting malware and it is customary to post these to a specialist
forum for analysis.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

HijackThis:
Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

Pinon:

When trying to install this program I recieve this error message:
"The program cannot start because MSVBVM60.DLL does not exist".
Do you know how to get the file and where to install it?


Thank you!

 

[Guest]

Sorry, one of my threads did not got right on the server.

I have to write once more...

Here are the postings you asked for...

Hendelsestype: Advarsel
Hendelseskilde: Userenv
Hendelseskategori: Ingen
Hendelses-ID: 1517
Dato: 09.02.2007
Klokkeslett: 20:24:17
Bruker: NT-MYNDIGHET\SYSTEM
Datamaskin: BIRGIT-LAPTOP
Beskrivelse:
Windows lagret registeret for bruker BIRGIT-LAPTOP\Birgit Tangstad mens et
program eller en tjeneste brukte registeret under avlogging. Minnet brukt av
brukerens register er ikke frigitt. Registeret vil bli lastet ut når det ikke
lenger er i bruk.

Dette skyldes ofte at tjenester kjører som en brukerkonto. Prøv å
konfigurere tjenesten til å kjøre i enten LokalTjeneste- eller
NettverksTjeneste-kontoen.

Hvis du vil ha mer informasjon, se Hjelp og støtte på
http://go.microsoft.com/fwlink/events.asp.



Hendelsestype: Feil
Hendelseskilde: PerfNet
Hendelseskategori: Ingen
Hendelses-ID: 2004
Dato: 09.02.2007
Klokkeslett: 20:28:16
Bruker: I/T
Datamaskin: BIRGIT-LAPTOP
Beskrivelse:
Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Hvis du vil ha mer informasjon, se Hjelp og støtte på
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À

Gerry Cornell 2/8/2007 8:55 AM PST
Advanced Windows Care 2 Professional could be the problem.

Advanced Windows Care is not the problem, due to it was installed after the
problem begun, and was installed because I wanted to solve this problem. But
it did not fix this problem.


Thank you for your help

pinon

 

[Guest]

Sorry, one of my threads did not got right on the server.

I have to write once more...

Here are the postings you asked for...

Hendelsestype: Advarsel
Hendelseskilde: Userenv
Hendelseskategori: Ingen
Hendelses-ID: 1517
Dato: 09.02.2007
Klokkeslett: 20:24:17
Bruker: NT-MYNDIGHET\SYSTEM
Datamaskin: BIRGIT-LAPTOP
Beskrivelse:
Windows lagret registeret for bruker BIRGIT-LAPTOP\Birgit Tangstad mens et
program eller en tjeneste brukte registeret under avlogging. Minnet brukt av
brukerens register er ikke frigitt. Registeret vil bli lastet ut når det ikke
lenger er i bruk.

Dette skyldes ofte at tjenester kjører som en brukerkonto. Prøv å
konfigurere tjenesten til å kjøre i enten LokalTjeneste- eller
NettverksTjeneste-kontoen.

Hvis du vil ha mer informasjon, se Hjelp og støtte på
http://go.microsoft.com/fwlink/events.asp.



Hendelsestype: Feil
Hendelseskilde: PerfNet
Hendelseskategori: Ingen
Hendelses-ID: 2004
Dato: 09.02.2007
Klokkeslett: 20:28:16
Bruker: I/T
Datamaskin: BIRGIT-LAPTOP
Beskrivelse:
Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Hvis du vil ha mer informasjon, se Hjelp og støtte på
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À





Advanced Windows Care is not the problem, due to it was installed after the
problem begun, and was installed because I wanted to solve this problem. But
it did not fix this problem.


Thank you for your help

pinon

I don't know if this error reports is of intrest in this case, but I post
them, just in... eh... case:

Hendelsestype: Feil
Hendelseskilde: Service Control Manager
Hendelseskategori: Ingen
Hendelses-ID: 7000
Dato: 09.02.2007
Klokkeslett: 20:32:25
Bruker: I/T
Datamaskin: BIRGIT-LAPTOP
Beskrivelse:
Tjenesten IMAPI CD-Burning COM Service kan ikke startes på grunn av følgende
feil:
Tjenesten svarte ikke på start- eller kontrollforespørselen innenfor
tidsrammen.

Hvis du vil ha mer informasjon, se Hjelp og støtte på
http://go.microsoft.com/fwlink/events.asp.



You perhaps may want me to transelate som of this texts?



Thank you!

 

[Gerry Cornell]

For Event ID: 1517

Download and install the User Profile Hive Cleanup Service
Download details: User Profile Hive Cleanup Service
http://snipurl.com/5b61

UPHClean v1.5e readme.txt
http://snipurl.com/ko8m

I do not know too much about Event ID 2004 but have you tried the User
Action recommended. What was the result?
http://www.microsoft.com/technet/su...odVer=5.2&EvtID=2004&EvtSrc=Perfnet&LCID=1033

Can you please tell me which languare the error messages are written
in. I could possibly find out but it would be simpler not to have to
try.


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

I had this same problem happen to my computer a few days ago. I was able to
slove it by going to run, typing msconfig, and choosing a selective startup
that unloaded the start up programs. Now my computer is working better than
it has for months. (If you want you can add them back one at a time to see
which one might be causing your problems.)

You might also try F-8 ing your computer when it starts up and then choosing
the last time my computer worked correctly option. (Another option is to use
the system restore program)

Any of these options would be better for you than to start deleting a bunch
of programs that might not be the one causing your problems.

You might also have, gulp, a defective hard drive. You should be able to
check this by right clicking the MY Computer button on your desktop and
selecitng the manage computer button. Check the section disk storage and
then disk management.

You can find a good article about some of these suggestions here.

http://www.microsoft.com/windowsxp/using/setup/expert/northrup_restoreperf.mspx

Since you had to restore you op-sys, another suggestion is that you make
sure you have all the drivers you need installed and up to date.

I hope this helps you.

 

[Guest]

User Profile Hive Cleanup Service has been successfully installed. But the
system performance seems to bee like before.

I have downloaded HijackThis and tried to install it, but when trying to run
HijackThis.exe, I recieve this error message:
"The program can't start because MSVBVM60.DLL does not exist."

Error messages is recieved in norwegian language.


Event ID 2004: User Action recommended has been done and revealed no errors.

I tried this command:
C:\DOCUME~1\BIRGIT~1>net statistics
Det finnes statistikk for følgende kjørende tjenester:

Server
Workstation

Kommandoen er fullført.

(server and workstation statitics are working just fine, it seems).

I tried this command, witch seem to reveal no error:

C:\DOCUME~1\BIRGIT~1>net statistics server
Serverstatistikk for \\BIRGIT-LAPTOP


Statistikk siden 2/10/2007 1:40 PM


Godtatte økter 1
Økter tidsavbrutt 0
Økter avbrutt på grunn av feil 0

Kilobyte sendt 0
Kilobyte mottatt 0

Gjennomsnittlig svartid (ms) 0

Systemfeil 0
Overtredelse av tillatelser 0
Overtredelse av passord 0

Filer som det er gitt tilgang til 0
Kommunikasjonsenheter som det er gitt tilgang til 0
Antall utskriftsjobber i køen 0

Antall ganger bufferne har vært fulle

Store buffere 0
Forespørselsbuffere 0

Kommandoen er fullført.


I don't see anything that indicates what may bee wrong here.


What shall I do next?


Thank you.

 

[Guest]

Thank you for your suggestions.


Actually, its not my own computer, but my mums, which has this problems.

Therefore, at this moment I have not much time for time-consuming
operations, but I will try them one by one when I get enought time.

I think the procedyre of choosing a selective startup are going to take
several of hours, trying unlash the problem, whith no guaranty of fixing it
of course. So if there are no easy ways to fix this problems, I will try
this. I am happy you shared this option, and if I must try it, I will post
the results here

I don't think it is a hardware failure, because I now have installed Linux
Ubuntu as a dual start up option. Linux runs without problems and without any
delays. So I will advise my mother to consider using Linux, if she runs short
of patiens with the Windows. As long as this problem is not solved.

I don't feel so much about installing windows once more, since I have just
done so. I may perhaps find the Windows going back to exactly the same state
as now.

When I get some time to spear thou, I will try follow your suggestions!

I will follow your suggestion by trying to run the disk management.



Thanks!

 

[Gerry Cornell]

Try selecting Start, Run and type "Regsvr32.exe msvbvm60.dll" without
quotes and click OK. If it indicates success try running HijackThis.

I need to think about the rest of your message.


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

I tried to run that command and I recieved this error message:
"LoadLibrary(msvbvm60.dll) failed - The requested module was not found".
(Translated from Norwegian.)

pinon.

 

[Gerry Cornell]

Pinon

Visual Basic does not come as part of Windows XP. It would seem
possible you have never downloaded and now need it.

If it had been downloaded a copy msvbvm60.dll would be in
C:\windows\system32. Check first that you can see hidden system files
and then look in the system32 folder. If not there download the
service pack.

Go to Start, Control Panel, Folder Options, View, Advanced Settings
and verify that the box before "Show hidden files and folders" is
checked and "Hide protected operating system files " is unchecked. You
may need to scroll down to see the second item. You should also make
certain that the box before "Hide extensions for known file types" is
not checked. Next in Windows Explorer make sure View, Details is
selected and then select View, Choose Details and check before Name,
Type, Total Size, and Free Space.

VBRun60sp6.exe installs Visual Basic 6.0 SP6 run-time files
http://support.microsoft.com/kb/290887

Service Pack 6 for Visual Basic 6.0: Run-Time Redistribution Pack
(vbrun60sp6.exe)
http://www.microsoft.com/downloads/...61-7A9C-43E7-9117-F673077FFB3C&displaylang=en

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

Here is the list of threads running in Windows, according to Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 20:16:21, on 13.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\Programfiler\UPHClean\uphclean.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
C:\Programfiler\Launch Manager\OSDCtrl.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
D:\Mine mottatte filer\Hijack This Quick Start\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} -
C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
- C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management -
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering
Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programfiler\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programfiler\IObit\IObit
SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer
Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD &
DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Programfiler\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programfiler\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]]
C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe
/automation
O4 - HKLM\..\Run: [LogitechCameraAssistant]
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering
Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering
Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AzMixerSel]
C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering
Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec
Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: Telenor Sikker Lagring.lnk = C:\Programfiler\Telenor Sikker
Lagring\safestorage.exe
O4 - Global Startup: PÃ¥minnelser for Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} -
C:\Programfiler\Fellesfiler\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://cyber-space-for-johnny.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. -
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation -
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) -
Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) -
Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech -
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec
Corporation - C:\Programfiler\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric
Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner
- C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -
Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


Thank you for all help!


Pinon.

 

[Gerry Cornell]

Pinon

I cannot really take you further with a HijackThis log. Post the
HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

Two entries I did wonder about:

O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)

O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} -(no
file)

Please let me know which name you use with Aumha as I am interested to
know what they make of the log.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Here is the list of threads running in Windows, according to
Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 20:16:21, on 13.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer
Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program
Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Norton Internet Security\Norton
AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\Programfiler\UPHClean\uphclean.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
C:\Programfiler\Launch Manager\OSDCtrl.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works
Shared\wkcalrem.exe C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering
Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
D:\Mine mottatte filer\Hijack This Quick
Start\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext
= http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} -
C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no
file)
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Programfiler\Fellesfiler\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Programfiler\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management -
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} -
C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Norton Internet
Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Programfiler\Fellesfiler\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering
Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programfiler\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch
Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online
Start\Telenor.exe" O4 - HKLM\..\Run: [SynTPEnh]
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programfiler\IObit\IObit
SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer
Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech
Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Programfiler\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio]
C:\Programfiler\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]]
C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant]
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch
Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch
Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LaunchAp]
"C:\Programfiler\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32
O4 - HKLM\..\Run: [ImageItEncrypt]
C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering
Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering
Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch
Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AzMixerSel]
C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering
Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\RunServices: [DJSNetCN]
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Startup: Telenor Sikker Lagring.lnk =
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
O4 - Global Startup: PÃ¥minnelser for Microsoft Works Kalender.lnk
= ?
O4 - Global Startup: Microsoft Office.lnk =
C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Researcher -
{9455301C-CF6B-11D3-A266-00C04F689C50} -
C:\Programfiler\Fellesfiler\Microsoft Shared\Reference
2001\EROProj.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programfiler\Messenger\msmsgs.exe O11 - Options group:
[INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop
Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec
AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo
Upload Tool) -
http://cyber-space-for-johnny.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live
Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} -
(no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj -
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) -
Acer Inc. - C:\Acer\Empowering
Technology\ePerformance\MemCheck.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec
Corporation -
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton
Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network
Proxy (ccProxy) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS)
(CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer
Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown
owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink -
C:\Program Files\Acer\Acer
Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec Licensing Detect Internet Connection
(DJSNETCN) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation -
C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech -
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc)
- Symantec Corporation - C:\Programfiler\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) -
Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita
Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Intel(R) PROSet/Wireless Registry Service
(RegSrvc) - Intel Corporation -
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) -
Unknown owner - C:\Programfiler\CyberLink\Shared
Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
(rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d
-f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor)
- Intel Corporation -
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


Thank you for all help!


Pinon.
a

 

[Guest]

I have created an accound at Aumha using the same nick name, pinon.
I have posted the HijackThis log there

Thank you for your help!

Pinon.

 

[killian.cheah]

I had a very similar problem with my new ACER Travelmate 4070 runnning
MS XP Pro.

I started Task Manager and with a lot (like A LOT) of persistence and
patience, eventually identified that my machine was running a process
named QtZgAcer.exe

When I searched on the web, I found a number of forum/discussion board
entries that stated that this file appeared to be causing Acer
machines of all vintages to "hang". This file relates to the Acer
Launch Manager which I think allows configuration of the soft function
keys (also known as programmable function keys).

The workaround on a couple of these forums was to uninstall Acer
Launch Manager.

Since I did that last week, I have not had any problems. I will wait a
few more days/weeks before I can be absolutely sure that the "hanging"
problem has gone away.

BTW - I wrote to Acer tech support at the Acer site and have had
absolutely no response. Not even so much as a "thank you for
contacting Acer support"!!!! Someone at work did recommend that I did
not buy an Acer..... maybe I will live to regret the decision.

You could try uninstalling Acer Launch Manager if you do not use the
soft function keys. At worst, you could re-install the software later
if you want to.

 

[Guest]

I am having the same problem with my PC... but i have found a very strange
process in the Task manager it only says Inactive system process and the
usage of the CPU is at time at 99 I previusly tried to terminate it but the
system dosn´t allow me to do it. When I right click it .... it does not
display the common option any help would be very apreciated thanks.

 

[jbsmth6379788]

Advanced Windows Care 2 Professional could be the problem. These type
of product camn have the opposite affect to what you would like. If it
was supposed to clean up your start-up then having 76 running
processes is a strange outcome. The optimising option and it's messing
with the registry are potentiall likely to cause problems.

Look in the system and application logs for Warning and Error Reports
in Event Viewer for the last boot and post copies here. Disregard
Information Reports.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event Viewer.
Now start your message (email) and do a paste into the body of the
message. Make sure this is the first paste after exiting from Event
Viewer.

Your 76 processes should be above or below 50. Install and run
HijackThis:
Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

This programme produces a list of running process which you can post
here. Please do not post the remainder as this part is intended for
detecting malware and it is customary to post these to a specialist
forum for analysis.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~





It sounds like your drivers have become unstable. To restore your basic divers back to it's original state you can do this. It should help out some. Click start - run - then type all of these drivers one at a time and wait for each to confirm of each reload.

REGSVR32 softpub.dll
REGSVR32 wintrust.dll
REGSVR32 Rsaenh.dll
REGSVR32 Mssip32.dll
REGSVR32 Cryptdlg.dll
REGSVR32 Dssenh.dll
REGSVR32 Gpkcsp.dll
REGSVR32 Slbcsp.dll
REGSVR32 Sccbase.dll
REGSVR32 initpki.dll
Hopefully this will help with your problem. If I can be of any other help :
(e-mail address removed) (Beverly)