Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Windows Xp Laptop


  • This topic is locked This topic is locked
3 replies to this topic

#1 wbhendrickson

wbhendrickson

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 26 September 2006 - 04:43 AM

My Windows XP SP2 laptop has slowed down tremendously of late. It also has begun the nasty habit of periodically locking with open programs "not responding." When going Ctl-Alt-Del to end task, I will often see 100% CPU on the Performance Tab, even with no open programs running (mostly in the dumprep.exe process). Obviously something is running in the background.

I will also get a "Server Busy" window fairly often, even with no programs open. It is sometimes present when everything locks up. The window states "The action cannot be completed because the other program is busy. Choose "Switch To" to activate the busy program and correct the problem."

When I move the mouse over "Switch To", I sometimes get an hourglass that makes clicking on it impossible. When I am able to click on "Switch To", it's the same as if I had clicked on "Start." The busy program is of course not specified and I have no idea what the Server Busy window is referring to. Sometimes after clicking on "Switch To", I will get a second box with "hpqSTE08.exe (not responding)" and I click on End Now - sometimes that helps, sometimes not. Other times after clicking on "Switch To" and getting the Start Menu, I can left click on a blank area of the desktop and clear the Server Busy box off the screen and everything appears to return to normal. Often the Server Busy box will reappear.

I have updated my Zone Alarm Security Suite and I have accomplished the following: Microsoft Update, Windows Defender Update, Cache Cleaner, Disc Cleanup, Defrag, Spybot S & D, Spywareblaster, Autoruns, and Lavasoft AdAware updates/scans.

This is my first Hijack This log since April 2005. Thank you for your assistance and recommendations.

************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:18:16 AM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\WINNT\system32\ZoneLabs\isafe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINNT\system32\HPZinw12.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://delta.flightline.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.centurytel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Flightline
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: FLiCA.Net - {8A85CE1D-87A1-454B-84EE-D2B3011CA2D3} - http://www.FLiCA.Net (file missing) (HKCU)
O9 - Extra button: Flightline - {E08157E4-2D86-4007-9122-BA7F932F964F} - http://www.flightline.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://delta.flightline.com
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: eCrew Delta Technology V14240 - http://ecrew.delta-air.com/eCrew14240.cab
O16 - DPF: eCrew Delta Technology V14260 - http://ecrew.delta-air.com/eCrew14260.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144945721119
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static...h/weblaunch.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Edited by wbhendrickson, 26 September 2006 - 04:51 AM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:44 AM

Posted 04 October 2006 - 03:35 PM

Hello wbhendrickson and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

The hpqSTE08.exe file is part of HP's digital imaging software. It is probably part of either a printer or digital camera package. It could be either the software package or the device is tying up the system. You can try uninstalling and reistalling the software to see if that resolves the problem. If not, then I would suggest posting a question in the XP forum. They can assist with non-malware related issues.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 wbhendrickson

wbhendrickson
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 05 October 2006 - 12:31 AM

The hpqSTE08.exe file is part of HP's digital imaging software. It is probably part of either a printer or digital camera package. It could be either the software package or the device is tying up the system. You can try uninstalling and reistalling the software to see if that resolves the problem. If not, then I would suggest posting a question in the XP forum. They can assist with non-malware related issues.

Cheers.

OT



Thank you kindly for your assistance. Yes, the hpqste08.exe file is part of my HP 6300 series printer software. Uninstall/reinstall has not resolved the issue. Good idea on posing a question on the XP forum. I appreciate your time and your service to others on this forum.

Regards...

Edited by wbhendrickson, 05 October 2006 - 12:32 AM.


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:44 AM

Posted 05 October 2006 - 04:06 PM

You are welcome wbhendrickson. I'm sure that they will be able to track down the problem. They d4eal with those types of issues every day.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users