• Sluggish Response to Keyboard Input – XP Pro SP3

    #468247

    Within the last two days (April 15 and 16) I have been having a terrible time with sporadic sluggish response to keyboard input. I will need help narrowing down the symptoms before I can ask for help with the fix!

    This can occur when Windows Task Manager shows CPU Idle Process at 99%. I have the character Repeat Delay set to minimum and Repeat Rate set to about 80%.

    Major recent changes: A couple of days ago (April 15th) Windows Update installed a rather large update on my XP Pro SP3 PC. Also I upgraded my anti-spyware program from Sunbelt Software CounterSpy 3.x to 4.x. I have Active Protection (anti-virus) disabled in CounterSpy.

    I am running Zone Alarm Anti-Virus 9.1 which consists of the classic Zone Alarm firewall plus Kaspersky AV.

    Plain ol’ text entry seems consistently normal. I use ACD Systems ACDSee 10 Photo Manager. When viewing an image and zooming using the Keypad “+” key the program sometimes hesitates then does a series of zooms as though to catch up with my input.

    Sometimes when I click (or double click, whichever is required) on an item in the System Tray there is a long delay before a response- often several seconds.

    Often I cannot copy and paste using the keyboard. For example, I would like to re-send an Outlook 2007 email message I sent previously. I can Shift-Tab in the message until the cursor is in the Sent field, then I can Shift-End to highlight the date-time text. Ctrl-C does not place the text on the Windows clipboard.

    However, while writing this plea for help everything is working normally. This is disconcerting and throws a big wrench in my productivity. I photograph up-and-coming models for a hobby (retired) and the use of the PC is intensive during and after a shoot.

    When reviewing photos I put the CF card in the reader, highlight the files in Windows Explorer with Ctrl-A, then Ctrl-X to initiate a ‘move’ and finally Ctrl-V in the destination folder to execute the ‘move’. It didn’t work at all during yesterday’s shoot (April 15). I looked like a rank amateur, not only in my computer mastery but of the entire process of photography! I just tried the “keyboard move” and it worked fine.

    I would appreciate ideas about narrowing down my symptoms. It seems that whatever is going on is pretty general across everything I do with the PC but is not occurring all the time!

    Thanks, – Dave

    Hardware install and data transfer complete 18 Sep 2007
    ASUS P5WDG2 WS Pro
    Core 2 Quad Q6600
    Corsair 2 ea. TWIN2X2048-6400C4 2GB Kit (1GBx2) PC26400 800MHz for 4GB
    PC Power & Cooling Silencer 750 Quad 750W
    EVGA 256-P2-N751-TR GeForce 8600 GT 256MB 128-bit GDDR3 PCIx
    HDD Drive 1 (C) WD740ADFD SATA1 74GB HD 10K RPM 16MB for OS
    HDD Drive 0 (D) Hitachi Deskstar 7K1000 SATA2 1Tb for Data
    HDD Drive 2 (E) WD740ADFD SATA1 74GB HD 10K RPM 16MB for Apps, Photoshop temp
    HDD Drive 3 (F, G, H) WD740ADFD SATA1 74GB HD 10K RPM 16MB for Web development, Windows Pagefile
    SanDisk Extreme CF card reader 1394b 800Mbs
    CF Card is SanDisk Extreme IV 4GB 45 MB/s UDMA
    1394b Adapter NitroAV NAVPCIEFW800 PCIx FireWire 800/1394b
    MS Windows XP Professional SP3 32 bit
    Monitor NEC MultiSync LCD2190 UXi

    • #1219017

      Thanks for posting all your specs 🙂 Saves a lot of time. 🙂

      Run Hijack This, please, and post the log here. Let’s see what’s going on under the hood.

    • #1219062

      Hi RochelleP

      Here is the log file, attached. I had to save it as a .TXT because this BBS wouldn’t let me upload a .LOG file.

      In addition to programs running I mentioned last time I have PureText for Win (x86) v2.0 (http://www.SteveMiller.net) and M8 Free Clipboard v12.02 (M8 Software 2007) running. Both of these do not function properly this morning. I rely on them a lot!

      Thanks!

      – Dave

    • #1219127

      It’s just a text file, can be copied and pasted.. I’m copying the file and posting it here, so others can benefit.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:52:36 AM, on 4/17/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:WINDOWSSystem32smss.exe
      C:WINDOWSsystem32winlogon.exe
      C:WINDOWSsystem32services.exe
      C:WINDOWSsystem32lsass.exe
      C:WINDOWSsystem32nvsvc32.exe
      C:WINDOWSsystem32svchost.exe
      C:WINDOWSSystem32svchost.exe
      C:WINDOWSsystem32brsvc01a.exe
      C:WINDOWSsystem32spoolsv.exe
      C:WINDOWSsystem32brss01a.exe
      C:Program FilesBonjourmDNSResponder.exe
      E:UtilJavajre6binjqs.exe
      C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
      C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
      C:Program FilesSunbelt SoftwareCounterSpySBAMSvc.exe
      C:Program FilesSunbelt SoftwareCounterSpySBPIMSvc.exe
      C:WINDOWSExplorer.EXE
      C:WINDOWSsystem32svchost.exe
      C:WINDOWSsystem32Wacom_Tablet.exe
      C:WINDOWSsystem32RUNDLL32.EXE
      C:Program FilesCommon FilesJavaJava Updatejusched.exe
      C:Program FilesZone LabsZoneAlarmzlclient.exe
      C:WINDOWSsystem32SearchIndexer.exe
      C:WINDOWSsystem32WTabletWacom_TabletUser.exe
      C:WINDOWSsystem32Wacom_Tablet.exe
      C:Program FilesAnalog DevicesSoundMAXSmax4.exe
      C:Program FilesAnalog DevicesCoresmax4pnp.exe
      E:UtilTogglertoggler.exe
      G:Programs & UpgradesUtilitiesText ManagementPureText format stripperPureText.exe
      C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICKA.EXE
      C:Program FilesMessengermsmsgs.exe
      E:UtilLogitechSetPointSetPoint.exe
      C:Program FilesWindows Desktop SearchWindowsSearch.exe
      E:UtilFreeClipFreeClip.exe
      C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
      C:Program FilesSunbelt SoftwareCounterSpySBAMTray.exe
      C:WINDOWSsystem32ZoneLabsvsmon.exe
      C:WINDOWSSystem32svchost.exe
      E:ApMicrosoft OfficeOffice12OUTLOOK.EXE
      C:Program FilesInternet ExplorerIEXPLORE.EXE
      C:Program FilesInternet ExplorerIEXPLORE.EXE
      E:ApAdobeAdobe Photoshop CS3Photoshop.exe
      C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
      E:ApMicrosoft OfficeOffice12WINWORD.EXE
      E:UtilBeyond Compare 3BCompare.exe
      E:UtilSiber SystemsGoodSyncGoodSync.exe
      C:Program FilesACD SystemsACDSee10.0ACDSee10.exe
      E:UtilAvanquestPowerDeskPDExplo.exe
      C:WINDOWSsystem32SearchProtocolHost.exe
      C:Program FilesTrend MicroHijackThisHijackThis.exe

      R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.techno-imaging.com/
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
      O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
      O2 – BHO: (no name) – {1FD79A59-37B1-459B-9097-09F9FAB8A523} – (no file)
      O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – E:UtilJavajre6binjp2ssv.dll
      O4 – HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 – HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 – HKLM..Run: [SSBkgdUpdate] “C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe” -Embedding -boot
      O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

      O4 – HKLM..Run: [nwiz] nwiz.exe /install
      O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
      O4 – HKLM..Run: [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”

      O4 – HKLM..Run: [ZoneAlarm Client] “C:Program FilesZone LabsZoneAlarmzlclient.exe”
      O4 – HKLM..Run: [Adobe Reader Speed Launcher] “C:Program FilesAdobeReader 8.0ReaderReader_sl.exe”
      O4 – HKLM..Run: [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
      O4 – HKLM..Run: [SoundMax] “C:Program FilesAnalog DevicesSoundMAXSmax4.exe” /tray
      O4 – HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
      O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
      O4 – HKLM..Run: [QuickTime Task] “E:ApQuickTimeQTTask.exe” -atboottime

      O4 – HKLM..Run: [SBAMTray] “C:Program FilesSunbelt SoftwareCounterSpySBAMTray.exe”
      O4 – HKLM..Run: [sbamui] “C:Program FilesSunbelt SoftwareCounterSpysbamui.exe” /launch
      O4 – HKCU..Run: [Toggler] E:UtilTogglertoggler.exe
      O4 – HKCU..Run: [PureText] “G:Programs & UpgradesUtilitiesText ManagementPureText format stripperPureText.exe”

      O4 – HKCU..Run: [EPSON Stylus Photo R280 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICKA.EXE /FU “C:DOCUME~1dmckeenLOCALS~1TempE_SF6F.tmp” /EF “HKCU”
      O4 – HKCU..Run: [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background
      O4 – Startup: FreeClip.lnk = E:UtilFreeClipFreeClip.exe

      O4 – Startup: Microsoft Office Outlook 2007.lnk = ?
      O4 – Global Startup: ColorVisionStartup.lnk = E:UtilColorVisionUtilityColorVisionStartup.exe
      O4 – Global Startup: Logitech SetPoint.lnk = E:UtilLogitechSetPointSetPoint.exe
      O4 – Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
      O8 – Extra context menu item: &ieSpell Options – res://E:UtilieSpelliespell.dll/SPELLOPTION.HTM
      O8 – Extra context menu item: Check &Spelling – res://E:UtilieSpelliespell.dll/SPELLCHECK.HTM
      O8 – Extra context menu item: E&xport to Microsoft Excel – res://E:ApMICROS~1Office12EXCEL.EXE/3000
      O8 – Extra context menu item: Lookup on Merriam Webster – file://E:UtilieSpellMerriam Webster.HTM
      O8 – Extra context menu item: Lookup on Wikipedia – file://E:UtilieSpellwikipedia.HTM
      O9 – Extra button: ieSpell – {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} – E:UtilieSpelliespell.dll
      O9 – Extra ‘Tools’ menuitem: ieSpell – {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} – E:UtilieSpelliespell.dll
      O9 – Extra button: (no name) – {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} – E:UtilieSpelliespell.dll
      O9 – Extra ‘Tools’ menuitem: ieSpell Options – {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} – E:UtilieSpelliespell.dll
      O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – E:ApMICROS~1Office12REFIEBAR.DLL
      O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:Program FilesMessengermsmsgs.exe
      O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:Program FilesMessengermsmsgs.exe
      O16 – DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 – DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) – https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
      O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199205701734
      O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 – Service: Adobe LM Service – Adobe Systems – C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
      O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:Program FilesBonjourmDNSResponder.exe
      O23 – Service: BrSplService (Brother XP spl Service) – brother Industries Ltd – C:WINDOWSsystem32brsvc01a.exe
      O23 – Service: DirMS_Defragmentation – Unknown owner – E:UtilMATCODirmsService.exe
      O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
      O23 – Service: getPlus(R) Helper – Unknown owner – C:Program FilesNOSbingetPlus_HelperSvc.exe (file missing)
      O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – E:UtilJavajre6binjqs.exe
      O23 – Service: Logitech Bluetooth Service (LBTServ) – Logitech, Inc. – C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
      O23 – Service: Nero BackItUp Scheduler 4.0 – Nero AG – C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
      O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:WINDOWSsystem32nvsvc32.exe
      O23 – Service: SiSoftware Database Agent Service (SandraDataSrv) – SiSoftware – E:UtilSiSoftwareSiSoftware Sandra Lite XII.SP1Win32RpcDataSrv.exe
      O23 – Service: SiSoftware Sandra Agent Service (SandraTheSrv) – SiSoftware – E:UtilSiSoftwareSiSoftware Sandra Lite XII.SP1RpcSandraSrv.exe
      O23 – Service: CounterSpy Antispyware (SBAMSvc) – Sunbelt Software – C:Program FilesSunbelt SoftwareCounterSpySBAMSvc.exe
      O23 – Service: SB Recovery Service (SBPIMSvc) – Sunbelt Software – C:Program FilesSunbelt SoftwareCounterSpySBPIMSvc.exe
      O23 – Service: TabletServiceWacom – Wacom Technology, Corp. – C:WINDOWSsystem32Wacom_Tablet.exe
      O23 – Service: TrueVector Internet Monitor (vsmon) – Check Point Software Technologies LTD – C:WINDOWSsystem32ZoneLabsvsmon.exe
      O24 – Desktop Component AutorunsDisabled: (no name) – (no file)


      1–First check the box in front of the ones I marked in red. You don’t need all of those starting with every boot.
      There’s also one green entry.

      2–What is SoundMax? Do you need it starting with the bootup or can you start it later?

      3–Ditto on MacroVision.

      4–What kind of back up are you doing in Nero?

      4–Delete this file from your computer: C:Program FilesNOSbingetPlus_HelperSvc.exe

      5–Reboot, download Malwarebytes AntiSpyware and run it. Post . Copy and paste the log here.

    • #1219129

      Hi Rochelle,

      Thanks! I have a lot of house cleaning to do. I will tackle it first thing in the morning.

      This morning I had the symptoms I described earlier then during a photo shoot today all was normal. But it’s obvious the system needs work.

      First a couple of questions:
      * Where you say “First check the box in front of the ones I marked in red.”, where do I find the check boxes? In Autoruns? System Configuration (config.sys)?
      * Should I disable the green entry? Or do it alone first to see if disabling it breaks anything?

      And answers:
      *SoundMax is the integrated sound electronics on the motherboard. It would be best for me if it started on bootup.
      *I’m not using Nero Backup. I can disable that entry.

      – Dave

      • #1219167

        * Where you say “First check the box in front of the ones I marked in red.”, where do I find the check boxes?

        In Hijack This. Checking the box disables. Don’t use Autoruns unless you’re a real techie. A lot of the Windows stuff in there can really bollux you up, and the non-Windows programs can be found in Hijack This or WinPatrol.

        * Should I disable the green entry? Or do it alone first to see if disabling it breaks anything?

        Check the box in front of it. That disables it.

        *I’m not using Nero Backup. I can disable that entry.
        Or uninstall it if it’s separate from Nero.

    • #1219156

      When Windows started this morning ZoneAlarm AV reported that its AV engine had stopped- would I like to re-start ie? (Yes.) Outlook 2007 failed to start. It complained of a plug-in and advised I remove it. So I went directly to Malwarebytes’ site and ran a full scan. I will work on disabling the startups next. Here is the Malwarebytes log:

      Malwarebytes’ Anti-Malware 1.45
      http://www.malwarebytes.org

      Database version: 4003

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/18/2010 8:49:55 AM
      mbam-log-2010-04-18 (08-49-55).txt

      Scan type: Full scan (C:|D:|E:|F:|G:|H:|)
      Objects scanned: 498827
      Time elapsed: 1 hour(s), 4 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 2
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      G:Programs & UpgradesMultimediaCodecsavicodecpack.comAVICodecPackLite3.exe (Adware.Webdir) -> Quarantined and deleted successfully.
      – – – – – – – – – – – – – –

      By the way, cutting and pasting is working fine! Now to see if I can replace CounterSpy with the paid version of Malwarebytes.

      – Dave

      • #1219168

        By the way, cutting and pasting is working fine! Now to see if I can replace CounterSpy with the paid version of Malwarebytes.

        You have an unusual set of security programs. Might want to know ESET NOD rated on top at the Maximum PC indep lab tests this month. It’s a full suite. But if you choose a suite, I would still run the free MBAM on demand regularly. It catches almost everything. This was their list, not yet on their website. They rated only suites:

        1. Norton Internet Security 2010
        2. ESET Smart Security 4
        3. Avira Antivir Free Edition
        4. Microsoft Security Essentials (I disagree on this)
        5. AVAST! Internet Security
        6. McAfee Internet Security 2010
        7. Trend Micro Internet Security Pro 3.0
        8. Bitdefender Internet Security 2010
        9. Panda Internet Security 2010
        10. Comodo Internet Security Pro

        But you also had a number of other Windows functions acting badly. Report back to me on those.

        If I stopped anything in the startup that you feel should be started at bootup, go into Run>msconfig>Startup and restart it. I’m not accustomed to dealing with computers of photographers. But keep the startup to a minimum.

    • #1219169

      If you need a diff codec pack, try K-lite.

    • #1219188

      I will look into ESET NOD. Thanks for those resources. I got started with Zone Alarm because of the firewall they started out with when there wasn’t anything as good out there. Their AV is Kaspersky which, up until now, has been pretty good. I don’t remember how I came upon CounterSpy (Sunbelt Software), but I’m pretty much fed up with them.

      Yeah, I’m still having delayed response (5-10 sec) opening up icons in the system tray. And keyboard copying and pasting of text is sometimes impossible. However I just did a keyboard cut and paste of files from one folder to another in Windows Explorer and that worked fine. I will get into Autoruns and disable the startups you marked in red (above).

      What were you referring to when you said to check the boxes in front of the startup entries you highlighted?

      Thanks, – Dave

    • #1219190

      These lists which rank AV products and suites seem to shift the positions of the major vendors every time they appear. It does not matter whether your AV choice is Number One or Number Twenty. If it passes muster in independent lab tests, chances are it is plenty good. Microsoft Security Essentials has passed these tests. The important thing to do is to make sure you have a good AV, a secondary spyware detector scanner, and a good firewall (or good knowledge of both the inbound and outbound Windows Firewall controls — for Vista and Windows 7 users only). Suites combine these features under a single user interface. MSE has no advanced heuristics countermeasures, so supplementing it with PC Tools Threatfire may be wise. Maximum PC is really big on lists, but enumerating adds nothing to the factual discussion.

      Dave, just replace CounterSpy with Malwarebytes, and you’re golden.

      If startups are a concern, CCleaner (freeware) includes a Startups utility which is much simpler to use than Autoruns. It has checkboxes just like Microsoft’s MSConfig Startups tab, and you simply use the CCleaner Disable button to turn off any Startup you can see. Windows will not be damaged by doing this.

      -- rc primak

      • #1219254

        These lists which rank AV products and suites seem to shift the positions of the major vendors every time they appear. It does not matter whether your AV choice is Number One or Number Twenty. If it passes muster in independent lab tests, chances are it is plenty good.

        The article isn’t yet on their website, so I can’t quote details right now. The ones lower on the list did NOT pass muster. The percentage of either uncaught viruses or the difficulty configuring the program rises as you go down the list.

        There’s also the recent test by VirusBulletin, which was quoted in several magazines. Yes, all A-V’s miss some stuff, but some miss more than others. Checking regularly with MBAM is always a good idea. I’ve also had A-V programs whose configuration drove me up the wall, and I’m no newbie.

    • #1219207

      Rochelle,

      Sorry, I missed where you said where to find the check boxes. I found them in Hijack This, but there were a few startups I didn’t want to check because I didn’t know how to get them back in Hijack This. Here they are. I unchecked them in Autoruns.

      O4 – HKCU..Run: [Toggler] E:UtilTogglertoggler.exe

      Alerts me when I inadvertently hit Insert, Caps Lock or Num Lock. Disables right Windows key. (I’m in Photoshop a lot and use the right Alt key constantly. I frequently hit the right Windows key accidentally which causes actions that throw off my workflow.)

      Note: Toggler found a way to get itself on the startup list again! There are now two entries in Autoruns for Toggler; one checked and one not checked. I stopped Toggler while using the system to check for symptoms.

      O4 – HKCU..Run: [PureText] “G:Programs & UpgradesUtilitiesText ManagementPureText format stripperPureText.exe”

      Strips formatting from text for pasting into Word, etc.

      O4 – HKCU..Run: [EPSON Stylus Photo R280 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICKA.EXE /FU “C:DOCUME~1dmckeenLOCALS~1TempE_SF6F.tmp” /EF “HKCU”

      Epson Status Monitor 3 for the Epson Stylus Photo R280 Series of inkjet printers.

      O4 – Startup: Microsoft Office Outlook 2007.lnk = ?

      Starts Outlook 2007

      O4 – Global Startup: ColorVisionstartup.lnk = E:UtilColorVisionUtilityColorVisionstartup.exe

      Monitor calibration (calibrates lookup table in video card)

      O4 – Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe

      I rely heavily on Windows Search to locate email threads.

      O4 – Startup: FreeClip.lnk = E:UtilFreeClipFreeClip.exe

      Not highlighted in red, but a possible suspect.

      I had been using keyboard combination Ctrl-Alt-V to activate FreeClip. I recently became aware that this key combination is already in use by Windows. Maybe the conflict was there. When I restore FreeClip I will use a different key combination.

      Here is the Hijack This log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:18:49 PM, on 4/18/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:WINDOWSSystem32smss.exe
      C:WINDOWSsystem32winlogon.exe
      C:WINDOWSsystem32services.exe
      C:WINDOWSsystem32lsass.exe
      C:WINDOWSsystem32nvsvc32.exe
      C:WINDOWSsystem32svchost.exe
      C:WINDOWSSystem32svchost.exe
      C:WINDOWSExplorer.EXE
      C:WINDOWSsystem32brsvc01a.exe
      C:WINDOWSsystem32brss01a.exe
      C:WINDOWSsystem32spoolsv.exe
      C:Program FilesZone LabsZoneAlarmzlclient.exe
      C:Program FilesAnalog DevicesSoundMAXSmax4.exe
      C:Program FilesAnalog DevicesCoresmax4pnp.exe
      C:Program FilesBonjourmDNSResponder.exe
      E:UtilJavajre6binjqs.exe
      E:UtilLogitechSetPointSetPoint.exe
      C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
      C:Program FilesWindows Desktop SearchWindowsSearch.exe
      C:Program FilesSunbelt SoftwareCounterSpySBAMSvc.exe
      C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
      C:Program FilesSunbelt SoftwareCounterSpySBPIMSvc.exe
      C:WINDOWSsystem32svchost.exe
      C:WINDOWSsystem32Wacom_Tablet.exe
      C:WINDOWSsystem32SearchIndexer.exe
      C:WINDOWSsystem32WTabletWacom_TabletUser.exe
      C:WINDOWSsystem32Wacom_Tablet.exe
      C:Program FilesSunbelt SoftwareCounterSpySBAMTray.exe
      C:WINDOWSSystem32svchost.exe
      C:WINDOWSsystem32ZoneLabsvsmon.exe
      C:Program FilesInternet ExplorerIEXPLORE.EXE
      C:Program FilesInternet ExplorerIEXPLORE.EXE
      C:Program FilesInternet Exploreriexplore.exe
      C:Program FilesInternet Exploreriexplore.exe
      E:ApMicrosoft OfficeOffice12WINWORD.EXE
      E:ApMICROS~1Office12OUTLOOK.EXE
      C:WINDOWSsystem32SearchProtocolHost.exe
      C:Program FilesTrend MicroHijackThisHijackThis.exe

      R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.techno-imaging.com/
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
      O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
      O2 – BHO: (no name) – {1FD79A59-37B1-459B-9097-09F9FAB8A523} – (no file)
      O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – E:UtilJavajre6binjp2ssv.dll
      O4 – HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 – HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 – HKLM..Run: [ZoneAlarm Client] “C:Program FilesZone LabsZoneAlarmzlclient.exe”
      O4 – HKLM..Run: [Adobe Reader Speed Launcher] “C:Program FilesAdobeReader 8.0ReaderReader_sl.exe”
      O4 – HKLM..Run: [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
      O4 – HKLM..Run: [SoundMax] “C:Program FilesAnalog DevicesSoundMAXSmax4.exe” /tray
      O4 – HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
      O4 – HKLM..Run: [SBAMTray] “C:Program FilesSunbelt SoftwareCounterSpySBAMTray.exe”
      O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
      O4 – HKCU..Run: [Toggler] E:UtilTogglertoggler.exe
      O4 – Startup: AutorunsDisabled
      O4 – Global Startup: AutorunsDisabled
      O4 – Global Startup: Logitech SetPoint.lnk = E:UtilLogitechSetPointSetPoint.exe
      O4 – Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
      O8 – Extra context menu item: &ieSpell Options – res://E:UtilieSpelliespell.dll/SPELLOPTION.HTM
      O8 – Extra context menu item: Check &Spelling – res://E:UtilieSpelliespell.dll/SPELLCHECK.HTM
      O8 – Extra context menu item: E&xport to Microsoft Excel – res://E:ApMICROS~1Office12EXCEL.EXE/3000
      O8 – Extra context menu item: Lookup on Merriam Webster – file://E:UtilieSpellMerriam Webster.HTM
      O8 – Extra context menu item: Lookup on Wikipedia – file://E:UtilieSpellwikipedia.HTM
      O9 – Extra button: ieSpell – {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} – E:UtilieSpelliespell.dll
      O9 – Extra ‘Tools’ menuitem: ieSpell – {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} – E:UtilieSpelliespell.dll
      O9 – Extra button: (no name) – {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} – E:UtilieSpelliespell.dll
      O9 – Extra ‘Tools’ menuitem: ieSpell Options – {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} – E:UtilieSpelliespell.dll
      O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – E:ApMICROS~1Office12REFIEBAR.DLL
      O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:Program FilesMessengermsmsgs.exe
      O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:Program FilesMessengermsmsgs.exe
      O16 – DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 – DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) – https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
      O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199205701734
      O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 – Service: Adobe LM Service – Adobe Systems – C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
      O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:Program FilesBonjourmDNSResponder.exe
      O23 – Service: BrSplService (Brother XP spl Service) – brother Industries Ltd – C:WINDOWSsystem32brsvc01a.exe
      O23 – Service: DirMS_Defragmentation – Unknown owner – E:UtilMATCODirmsService.exe
      O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
      O23 – Service: getPlus(R) Helper – Unknown owner – C:Program FilesNOSbingetPlus_HelperSvc.exe (file missing)
      O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – E:UtilJavajre6binjqs.exe
      O23 – Service: Logitech Bluetooth Service (LBTServ) – Logitech, Inc. – C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
      O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:WINDOWSsystem32nvsvc32.exe
      O23 – Service: SiSoftware Database Agent Service (SandraDataSrv) – SiSoftware – E:UtilSiSoftwareSiSoftware Sandra Lite XII.SP1Win32RpcDataSrv.exe
      O23 – Service: SiSoftware Sandra Agent Service (SandraTheSrv) – SiSoftware – E:UtilSiSoftwareSiSoftware Sandra Lite XII.SP1RpcSandraSrv.exe
      O23 – Service: CounterSpy Antispyware (SBAMSvc) – Sunbelt Software – C:Program FilesSunbelt SoftwareCounterSpySBAMSvc.exe
      O23 – Service: SB Recovery Service (SBPIMSvc) – Sunbelt Software – C:Program FilesSunbelt SoftwareCounterSpySBPIMSvc.exe
      O23 – Service: TabletServiceWacom – Wacom Technology, Corp. – C:WINDOWSsystem32Wacom_Tablet.exe
      O23 – Service: TrueVector Internet Monitor (vsmon) – Check Point Software Technologies LTD – C:WINDOWSsystem32ZoneLabsvsmon.exe
      O24 – Desktop Component AutorunsDisabled: (no name) – (no file)


      End of file – 8539 bytes

      – Dave

    • #1219248

      Bob P,

      Thanks for the input. I should have remembered that there is a startup manager in CCleaner. I will stick with that one!

      I appreciate the word on AV, spyware and firewalls. I’ll likely stick with ZoneAlarm AV (Kaspersky) and switch from CounterSpy to Malwarebytes paid spyware program.

      – Dave

      • #1219476

        Bob P,

        Thanks for the input. I should have remembered that there is a startup manager in CCleaner. I will stick with that one!

        I appreciate the word on AV, spyware and firewalls. I’ll likely stick with ZoneAlarm AV (Kaspersky) and switch from CounterSpy to Malwarebytes paid spyware program.

        – Dave

        I am not sure the active components of Zone Alarm AV and Malwarebytes paid edition will play nicely with each other (two active AV programs should not be run together at the same time). If you are already running ZA-AV, MBAM Free (nothing active) should suffice for scanning. You would have all the protections you need.

        And Rochelle P, I never said to use CCleaner instead of HJT. They have different functions, but when it came time to actually manage Startups, I said I prefer CCleaner’s simplicity over Autoruns which can be too complex for many of us. HJT makes a good “catch-all” but it doesn’t do everything.

        As for the Maximum PC AV rankings, I noticed that Avast did rather nicely, which is a good surprise. Many reviewers dump on Avast, and I think this is just because it is free. But I do not believe that any of the Top Five or Six AV programs in that list actually failed any independent tests. I would be skeptical of any such reports. Comodo AV is not up to par, but their firewall, when properly configured, is top-notch. (I use it with Defense Plus, and everything set to very high levels.)

        -- rc primak

    • #1219265

      Note: Toggler found a way to get itself on the startup list again! There are now two entries in Autoruns for Toggler; one checked and one not checked. I stopped Toggler while using the system to check for symptoms.

      I don’t think that little utility uses a lot of resources. And it probably reinserts itself from an option you checked in the program itself. Don’t worry about it.

      I wasn’t familiar with every program, so choosing some over others is fine. I thought FreeClip was like Clipmate, which I keep running all the time. But you don’t need the 2 Adobe entries running in the background. Check the 04 boxes there. Otherwise it looks good.

      Bob is right about CCleaner, but I initially wanted to see possible malware entries in HJT. CCleaner is fine on a roughly weekly basis in Scheduled Tasks.

      Are you still confused about where to check the boxes? When HJT makes its log, there’s a checkbox in front of each entry. You can stop entries there. Msconfig>Startup works the opposite way. Checks are the ones you keep.

      So how are your other Windows functions running now without the malware? Smoothly?

    • #1219480

      Thanks guys,

      As innocent as the M8 FreeClip utility seems to be, when I have it off of my system I’m not experiencing the symptoms I reported at the top here. I’ve used it for over a year, but since Windows’ (XP Pro SP3) massive update a few days before starting this thread the presence of the clipboard utility and the symptoms seemed to be concurrent. I will be looking for a replacement clipboard utility because I rely on something like FreeClip or Clipomatic. I’ve looked at many, but the more complex ones are more nuisance than not having one at all. I’ll keep looking.

      Thanks for the diagnostic help and discussion of the issues. I’ve learned a lot from it and will be using it as I go along.

      – Dave

    • #1219486

      I’ve been using Clipmate by Thornsoft.com for about 12 years. It uses 4.6 MB of memory.
