Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Windows XP
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop driver drivers dvd email error excel excel 2003 firefox hard drive hardware internet keyboard laptop malware monitor motherboard network networking outlook problem processor recovery router safe mode screen slow sound spyware tdlwsp.dll trojan upgrade video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Operating Systems > Windows XP >
Solved: Computer preformance degrading / yearly checkup.

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
mrblaq's Avatar
Junior Member with 15 posts.
  
Join Date: Apr 2007
Experience: Advanced
01-Aug-2008, 02:25 PM #1
Solved: Computer preformance degrading / yearly checkup.
I'm not having any incredibly bad symptoms yet. But, I feel there may be some unneeded processes hanging out in the background. Does anyone see anything malicious in this hijack log?

Thanks a lot.

Logfile of HijackThis v1.99.1
Scan saved at 12:58:28 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FAH\fah504-console.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\FAH\FahCore_82.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UnrealStreaming\ULiveServer\ULiveServer.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\Program Files\WebDrive\wdService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\XPUnlimited\xputserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WebDrive\webdrive.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Monitor Calibration Wizard\MCW.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\PuTTY\pageant.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s /p
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: Shortcut to pageant.lnk = C:\Program Files\PuTTY\pageant.exe
O4 - Startup: Version 2.2 XP Unlimited.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O17 - HKLM\Software\..\Telephony: DomainName = store.vitalculture.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAEA927A-0A85-42D8-B3BB-7A4DF3C883D1}: NameServer = 10.0.0.30,209.85.24.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: FAH@C:+Program Files+FAH+fah504-console - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Update Service (gupdate1c8e20cab0b48ac) (gupdate1c8e20cab0b48ac) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe" /service (file missing)
O23 - Service: ULiveServer - Unreal Streaming Technologies Group. - C:\Program Files\UnrealStreaming\ULiveServer\ULiveServer.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies Group. - C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
O23 - Service: XPUnlimited Terminal Server (xpu_tserver) - IPConsult BV - C:\Program Files\XPUnlimited\xputserver.exe
Register for free to hide this ad!
padutch's Avatar
Senior Member with 1,297 posts.
  
Join Date: Sep 2001
Location: Pennsylvania
Experience: Intermediate
01-Aug-2008, 02:54 PM #2
first you have 27 on your startup list . That would be the 04 on your HJT log . I have 4 on mine . this site http://www.bleepingcomputer.com/startups/ will help you clean house a bit . you can find your startup list start < run > type msconfig and click OK . Click on the startup tab . Uncheck the ones you don't need at startup .
Download ATF-Cleaner , it's free and helps delete all temp files and others .
http://www.snapfiles.com/get/atfcleaner.html
after that defrag
__________________
Pop always said that if a man puts his mind to it there is nothing he can't do. Boy when it comes to computers I sure have proven him wrong!!!
valis's Avatar
Computer Specs
Community Moderator with 32,942 posts.
  
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
01-Aug-2008, 03:27 PM #3
++++++++++++++++++++++++V 2.02++++++++++++++++++++++++++++++

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

after that, if something looks suspicious, we'll move it to the hjt log forum.
__________________
rate me | M.V.P. - Desktop Experience | M.C.S.A. | M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that". - Gary Kildall
mrblaq's Avatar
Junior Member with 15 posts.
  
Join Date: Apr 2007
Experience: Advanced
01-Aug-2008, 04:22 PM #4
Oh dear, that's slightly embarrassing. I thought majorgeeks would be up to date on it's file mirror

Here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:53 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FAH\fah504-console.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\FAH\FahCore_82.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UnrealStreaming\ULiveServer\ULiveServer.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\Program Files\WebDrive\wdService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\XPUnlimited\xputserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\WebDrive\webdrive.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Monitor Calibration Wizard\MCW.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\PuTTY\pageant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Radmin Viewer 3.0\Radmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\putty.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Video Server E\Video Server E.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s /p
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to pageant.lnk = C:\Program Files\PuTTY\pageant.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O17 - HKLM\Software\..\Telephony: DomainName = store.vitalculture.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAEA927A-0A85-42D8-B3BB-7A4DF3C883D1}: NameServer = 10.0.0.30,209.85.24.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = store.vitalculture.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: FAH@C:+Program Files+FAH+fah504-console - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Update Service (gupdate1c8e20cab0b48ac) (gupdate1c8e20cab0b48ac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ULiveServer - Unreal Streaming Technologies Group. - C:\Program Files\UnrealStreaming\ULiveServer\ULiveServer.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies Group. - C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
O23 - Service: XPUnlimited Terminal Server (xpu_tserver) - IPConsult BV - C:\Program Files\XPUnlimited\xputserver.exe

--
End of file - 8503 bytes
valis's Avatar
Computer Specs
Community Moderator with 32,942 posts.
  
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
01-Aug-2008, 04:42 PM #5
is this a work pc? I see vitalculture as the domain in there......other than that, nothing spooky, but we can request a security mod to look at it if you wish.

Did you install the ULiveServer stuff?
mrblaq's Avatar
Junior Member with 15 posts.
  
Join Date: Apr 2007
Experience: Advanced
01-Aug-2008, 05:37 PM #6
Yeah I did install ULive. I don't need it any more, though. So, I should be good to go. I think most of my problems cleared up when I minimized my startup apps. We'll consider this issue closed for now. Thanks!
valis's Avatar
Computer Specs
Community Moderator with 32,942 posts.
  
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
01-Aug-2008, 05:41 PM #7
cool....thanks for the follow up. May want to check the defrag status, and d/l and run a little app called ATF; it blows out all your temp files, which will significantly increase disk space, if you not done so before.

thanks,

v
Cookiegal's Avatar
Administrator with 63,632 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Aug-2008, 05:54 PM #8
You definitely had too many applications running at startup and that will bog things down.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications (the fifth one in the list).
  • Click the "Download" button to the right. A new page will open.
  • Select your platform and check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click Continue.
  • Click on the link under Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Go to Start - Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.
__________________
Microsoft MVP - Consumer Security
Last edited by Cookiegal : 08-Nov-2009 05:08 PM.
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Windows XP | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 01:01 PM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.