Generally Sluggish & Other Problems [HJT log]

My computer used to take a while to boot, then explorer would crash. (Fixed - removed qqtask.exe from startup). Now explorer randomly hangs (windows are not responsive), and ramps up memory usage to 150MB. My desktop background - a high res photo, doesn't show when it says my active desktop crashed, but it returns when I use the restore button. My firewall (Sygate Personal) randomly "forgets" my rules about programs. I have to re-train it after every reboot. My mouse and keyboard freeze occasionally, and i'm forces to shut down via power button. The sound also stop for no reasona fter a reboot occasionally. (I have intergrated audio). When I check the soound windows in control panel, it says there's "No audio device attached ".

I've run several scans with McAfee, Spybot, cleared out junk files manually, with ccleaner and the disk cleanup utility. But these things still happen.

 

Hello Dave,

http://www.helpwithwindows.com/techfiles/explorer-crashes.html Troubleshooting explorer problems

http://www.windowsbbs.com/showthread.php?t=39425 Go thru all the startups.

When did this start? Fairly recently?

If recently, there is an issue with one of the MS security patches for explorer - KB908531

Regards - Charles

 

Once u clean out the nasties, you might also want to try booting with just ur AV and firewall. How much RAm is this system running on? Also after cleaning out that junk, did u check to see if the drive is fragmentde / free space? Run a defrag too for improving speed.

 

Still

Thanks for the help!

But even when in safe mode, explorer eats memory like a pig, the mouse is jittery and freezes. I've scanned for virii, spyware, checked start ups (again). I tried clearing out old files and installs. (Like a 5GB flight sim). It wouldn't let me uninstall programs in safe mode, so I rebooted back to normal. When I tried to uninstall, I had to wrangle with my antivirus. While the "Windows Installer" worked, mcshield.exe ate up 100% CPU. When I tried to end mcshield, the computer froze.

This system has 512 MB of RAM. I like to keep McAfee Security Center, Sygate Personal Firewall, and recently, a little program that letd me use a joystick as a mouse. (Due to the mouse locking up). They used to add up to about 250MB. With explorer and svchost bloated, it's around 300-350MB. I've used about 45GB out of 100GB hard drive space. it's not very fragmentated, but i'll run one.

 

HijackThis Log

I don't believe I have any malware, but I want to know what's safe to remove to speed up my system.


Logfile of HijackThis v1.99.1
Scan saved at 6:00:17 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

 

I had similar trouble with my laptop. For ages I couldn't figure out whether I had a virus I couldn't detect or what the problem was, but it became an arduous task just to open the start menu (RAM was being chewed at like a rabid rat to a piece of cheese)
Hard disk trouble. After I ran chkdsk /f, and chdksk cleared up the bad segments for me (or at least moved the data in those segments) she's run like a dream. Like a d-r-e-a-m.

 

I've run that, and this time I didn't notice too much of an improvement. Thanks anyways.

Somehow my firewall was reset. As in it forgot all the rules I had set. I use Sygate Personal Firewall (the free one you could download before Sygate got bought out). explorer.exe and svchost.exe are both munching about 25MB at idle. When the GUI becomes unresponsive, I end svchost.exe and it unfreezes. Very odd, as isn't svchost.exe a networking process?
There's like 6 or 7 "svchost.exe" processes running at idle and one happened to shut down the computer when I ended it.

 

Only going by what I have experienced (check my "Computer Experience" ). A problem running in Safe Mode means a basic problem with Windows itself.

If you cannot shutdown correctly the settings will not be "saved ". The settings are saved in the registry. If it is losing basic settings and reverting to default, to me, that would mean a registry problem.

Actions:
Restoring to a time previous to the problem.

Can you remember, say, uninstalling a certain program when the problem began and had problems with the uninstall? If so reinstall and uninstall.

Run a repair from the Windows CD, that may reset Window's "basic" connections in the registry.

See what others may think.

Matt

 

Where's the worm?

Well I don't think the worm is here anymore. I ran a scan with McAfee, came up clean. Used housecall and the downloadable tool, came up clean. Both tools have been updated within the past 4 days. Only Trend Micro had references to the worm and it offered just the tool, not a specific worm removal tool. Checked registry, nothing there, it doewn't show up in task manager. I used HJT to remove the useless "extra buttons" and the worm reference. Turned off system restore. Nothing shows up in McAfee, housecall or HJT. Computer's sped up a bit from defrag and deleting junk, but the mouse freezing, no sound, and memory hogging continues.

The story is that, a while back, I found this strange .exe on my desktop. Looked around in properties and found nothing. I ran it. windir32.exe ran and nothing seemed to happen and I deleted it. I realized it was some kind of malware so I looked around WINDOWS/system32, and to no surprise, there was a copy there, so I deleted it with McAfee shredder. Ran a scan, came up clean. So I forgot about it.

 

Boot-Up Error

What does this mean? It showed up with a blue background while booting into windows.

"STOP: c0000221 {Bad Image Checksum} The image MSASN1.dll is possibly corrupt. The header checksum does not match the computed checksum. "

 

Yes it is. I didn't see anything that would apply to my system though. The good news is that the mouse problem was hardware. I noticed my HP mouse LED would get jittery and flicker before it froze. So I pulled out a old ball one. It hasn't frozen since.

Since I don't lose my cursor right after boot up, I've notice the system runs fine now with a few annoyances. The new problems are: my toolbar in explorer gets jumbled after a reboot, explorer & svchost still hog memory (somewhat less at 25MB each), and I got an error telling me ps2.exe had crashed. The only explorer extensions that show up in a right click are Winrar and "Scan for Virus" (McAfee).

Update: Odd - it refused to boot just now. It came up with the vague system disk loading failure error. It booted on something like the 7th try. But it still funs fine in Windows.

 

After hunting down a copy of .dll at SP2 version, copying it to a removable disk, the original, possibly corrupt version is in memory.

"C:\Documents and Settings\Owner>delete c:windows\system32\msasn.dll
c:windows\system32\msasn1.dll
Access is denied.

C:\Documents and Settings\Owner>copy h:msasn1.dll C:\windows\system32 Overwrite c:\windows\system32\msasn1.dll? (Yes/No/All): Y
The process cannot access the file because it is being used by another process. 0 file(s) copied. "

Yes, I have admin. I'll try this in the recovery console outside of the windows GUI.

The good thing is that memory usage finally returned to normal. I don't know how or why. Explorer dropped back to 8MB, and 40 others have dropped from several MB each to under .5MB.

 

"The system has recovered from a serious error.

Error signature:

BCCode: 100000d1 BCP1: 00000034 BCP2: 00000002 BCP3: 00000000
BCP4: F83BA8F0 OSVer: 5_1_2600 SP: 2_0 Product: 768_1

The following files will be included in this error report:

C:\DOCUME~1\Owner\LOCALS~1\Temp\WERf36e.dir00\sysdata.xml
C:\DOCUME~1\Owner\LOCALS~1\Temp\WERf36e.dir00\Mini050306-01.dmp "