November 18th, 2009 21:00

Laptop Very Very Slow to Start Up

Hello,

I am seeking assistance to resolve a slow start up problem with my Dell Inspiron 9400 laptop. The laptop will take up to half an hour to start (sometimes more) and will be sluggish when it finally does start up. The slow start up only occurs when the laptop is NOT connected to a network (at work - hardwired) or internet (at home - wireless). It appears that some kind of service or program is trying to start but cannot and consumes all the resources on the machine, causing it to go slow. Performance is fine when connected.

I think this may be a malware problem. My HijackThis log file is copied below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:41 PM, on 19/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Updater.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (User 'ingres')
O4 - HKUS\S-1-5-21-3939956800-3381378334-452110342-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'ingres')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3939956800-3381378334-452110342-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'ingres')
O4 - S-1-5-21-3939956800-3381378334-452110342-1006 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'ingres')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/23.21/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{25F74088-1F1F-4209-BCA5-909076753E0B}: NameServer = 61.9.134.49
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9a1f53817b669) (gupdate1c9a1f53817b669) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Computer Associates - C:\IngresII\ingres\bin\servproc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15208 bytes

 

Thank you in anticipation, Regards Geoff.

14 Posts

November 18th, 2009 23:00

This sounds like a pretty bad malware problem. Ok, what I would do first is the following:

1. Boot up your PC

2. Once Windows loads up, go to the Start Menu

3. Click Run

4. Type MsConfig

5. Once the box pops up, click on the Start Up Tab

6. You will see programs in this list that are starting up when Windows starts up. You can pick and choose what you want to start up when Windows starts up or you can disable them all and click Apply.

That will fix the speed of your bootup process because all of those programs are loading up into memory, which normally causes a computer to load up slowly.

If your computer in general is running slow, go to www.cnet.com and search for "Spybot Search and Destroy" (It's Free) and install that and run the scan for spyware & malware. It does a good job cleaning out your system of those type of things. Run a disk cleanup and a disk defrag after that is done. Should solve the problems you are having.

Also, download ATF Cleaner here:

http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

This little program does not need to be installed. It will clean out your system of temp files, history, cache, and other things too. It's a neat little tool to clean up your PC to make it run faster.

-Chris

www.domainelectronics.com

20.5K Posts

November 19th, 2009 05:00

Geoff,

Last time you were here, you installed Malwarebytes' Anti-Malware, so there is no need to install Spybot. I see that you have installed DNA\btdna.exe. The use of this may have contributed to your problems. The nature of such software and the high incidence of malware in files downloaded with such programs is counterproductive to restoring your PC to a healthy state. Please remove that and any similar programs before we work on this issue. There is a partial list HERE.

We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

15 Posts

November 19th, 2009 13:00

Hi Chris and Bugbatter,

Many thanks for your assistance. Before I got your reply Bugbatter, I had carried out instructions from Chris, up to but not including downloading and running ATF Cleaner.

I have removed DNA, and run DDS. The scan ran without any problem. Here are the two reports. I have copied and pasted both as I can't see where to attach a zip copy of attach.zip:

 DDS (Ver_09-10-26.01) - NTFSx86 
Run by Geoff at  8:24:23.03 on Fri 20/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.61.1033.18.1014.286 [GMT 11:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)   {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Geoff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 10.0.10.1:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://supportapj.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/23.21/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {25F74088-1F1F-4209-BCA5-909076753E0B} = 61.9.134.49
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 Ingres_Database_II;Ingres Intelligent Database [II];c:\ingresii\ingres\bin\servproc.exe [2003-5-15 24576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-19 47640]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38224]
S2 gupdate1c9a1f53817b669;Google Update Service (gupdate1c9a1f53817b669);c:\program files\google\update\GoogleUpdate.exe [2009-3-11 133104]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 OVT511;D-Link USB Digital Video Camera;c:\windows\system32\drivers\omcamvid.sys [2000-3-6 126882]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-3-12 31872]
S4 LMIRfsClientNP;LMIRfsClientNP;

=============== Created Last 30 ================


==================== Find3M  ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-14 08:04:58 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-14 08:04:58 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-02-28 08:10:37 1703 ----a-w- c:\program files\default.rsp
2008-12-12 02:30:17 0 ------w- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 02:03:06 0 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.bak4
2008-12-12 02:01:37 0 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.bak3
2008-12-12 02:00:39 0 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.bak2
2008-12-12 01:57:59 0 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 01:57:22 1230 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.sdm
2007-09-13 06:17:59 1146 ----a-w- c:\program files\ST6UNST.LOG
2007-09-06 13:37:25 770048 ----a-w- c:\program files\RSpeed.exe
2008-11-17 02:01:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111720081118\index.dat

============= FINISH:  8:27:35.10 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/03/2006 11:55:32 AM
System Uptime: 19/11/2009 11:19:18 PM (9 hours ago)

Motherboard: Dell Inc. |  | 0FF049
Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1664/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 10.582 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 233 GiB total, 0.861 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP304: 4/10/2009 9:00:44 AM - Software Distribution Service 3.0
RP305: 5/10/2009 10:03:42 AM - Software Distribution Service 3.0
RP306: 6/10/2009 10:15:01 AM - Software Distribution Service 3.0
RP307: 7/10/2009 2:16:24 PM - System Checkpoint
RP308: 8/10/2009 10:29:49 AM - Software Distribution Service 3.0
RP309: 9/10/2009 10:06:46 AM - Software Distribution Service 3.0
RP310: 10/10/2009 11:01:56 AM - System Checkpoint
RP311: 11/10/2009 1:02:30 PM - System Checkpoint
RP312: 12/10/2009 2:20:28 PM - System Checkpoint
RP313: 13/10/2009 2:25:37 PM - System Checkpoint
RP314: 14/10/2009 7:39:54 PM - System Checkpoint
RP315: 16/10/2009 12:09:57 PM - System Checkpoint
RP316: 17/10/2009 12:43:15 PM - System Checkpoint
RP317: 18/10/2009 6:17:42 PM - Software Distribution Service 3.0
RP318: 19/10/2009 8:32:49 AM - Software Distribution Service 3.0
RP319: 19/10/2009 10:00:31 AM - Software Distribution Service 3.0
RP320: 20/10/2009 12:24:18 PM - System Checkpoint
RP321: 21/10/2009 3:43:09 PM - System Checkpoint
RP322: 22/10/2009 6:20:40 PM - System Checkpoint
RP323: 23/10/2009 6:51:23 PM - System Checkpoint
RP324: 24/10/2009 10:16:09 AM - Software Distribution Service 3.0
RP325: 25/10/2009 10:21:55 AM - Software Distribution Service 3.0
RP326: 26/10/2009 10:00:20 AM - Software Distribution Service 3.0
RP327: 27/10/2009 10:00:49 AM - Software Distribution Service 3.0
RP328: 28/10/2009 11:54:33 AM - System Checkpoint
RP329: 29/10/2009 10:00:25 AM - Software Distribution Service 3.0
RP330: 30/10/2009 10:00:45 AM - Software Distribution Service 3.0
RP331: 4/11/2009 12:29:16 AM - Software Distribution Service 3.0
RP332: 5/11/2009 8:59:09 AM - System Checkpoint
RP333: 5/11/2009 10:00:44 AM - Software Distribution Service 3.0
RP334: 6/11/2009 7:33:27 PM - System Checkpoint
RP335: 8/11/2009 8:33:20 AM - System Checkpoint
RP336: 8/11/2009 10:00:22 AM - Software Distribution Service 3.0
RP337: 10/11/2009 4:40:02 AM - Software Distribution Service 3.0
RP338: 10/11/2009 10:01:13 AM - Software Distribution Service 3.0
RP339: 11/11/2009 1:10:52 PM - System Checkpoint
RP340: 12/11/2009 10:00:48 AM - Software Distribution Service 3.0
RP341: 13/11/2009 10:26:47 AM - System Checkpoint
RP342: 17/11/2009 11:35:08 AM - System Checkpoint
RP343: 18/11/2009 7:17:58 PM - System Checkpoint
RP344: 19/11/2009 10:00:28 AM - Software Distribution Service 3.0
RP345: 19/11/2009 4:46:02 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
3D World Atlas
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.0.2
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Reader Chinese Simplified Fonts
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Advantage Ingres [ II ] Enterprise Edition
AiO_Scan_CDA
AiOSoftwareNPI
AOL Australia
AOL|7 Broadband Demo
Apet eResponse for .Net 2.0
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BELKIN F5U109 V1.25
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Management Programs
CA Anti-Virus
CA Licensing
Camtasia Studio 5
Conexant HDA D110 MDC V.92 Modem
CreativityCorp Periscope v2.3
Critical Update for Windows Media Player 11 (KB959772)
DecisionMax Lite
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Dell System Restore
Digital Line Detect
DivX Codec
DivX Player
DivX Version Checker
DivX Web Player
DMX Update
e-tax 2007
Fax_CDA
FLV Player 1.3.3
FLV Player 2.0 (build 25)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
getPlus(R)_ocx
Google Earth
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photosmart, Officejet and Deskjet 7.0.A
Image Resizer Powertoy for Windows XP
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IrfanView (remove only)
iriver Music Manager
iRiver Updater
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LogMeIn
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
MetaFrame Presentation Server Client
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2000
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 7.0
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NewCopy_CDA
OGA Notifier 2.0.0048.0
OLYMPUS Master
OLYMPUS Master 2
OpenROAD 4.1
PL-2303 USB-to-Serial
PowerDVD 5.9
QFolder
QuickSet
QuickTime
Readme
RealSpeed 1.918
RealSpeed 1.918 (c:\Program Files\)
Scan
Seagate Crystal Reports 7
Seagate Crystal Reports 7 Distributed Reports
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Project 2007 (KB949046)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype 3.0
Skype Plugin Manager
SmartAsset
SmartAssetExcelAddIn
SmartAssetOutlookAddIn
SmartAssetProjectAddin
SmartAssetWordAddIn
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TeLL me More CJ
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player (Remove Only)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Desktop Search 3.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Mobile Resources
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

18/11/2009 12:52:11 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013020DAEC5.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
18/11/2009 12:37:41 PM, error: Dhcp [1002]  - The IP address lease 169.254.87.213 for the Network Card with network address 0013020DAEC5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
18/11/2009 11:26:36 AM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013020DAEC5.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
18/11/2009 1:12:21 PM, error: Dhcp [1002]  - The IP address lease 0.0.0.0 for the Network Card with network address 0013020DAEC5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Thanks Geoff.

20.5K Posts

November 19th, 2009 14:00

According to the announcement at the top of this forum, once a helper begins working with you, he continues until the issue is resolved.  Although not on the list of helpers in that announcement, as long as you have begun following his instructions, you might as well continue with him.

15 Posts

November 19th, 2009 19:00

Thanks for the heads up Bugbatter. I didn't check Chris's status before acting on his advice. I must say given my preferences I would have preferred to have you assist me. Your thoroughness and attention to detail when you worked through the previous problem with me gave me great confidence at the time. Thanks Geoff.

14 Posts

November 20th, 2009 03:00

Geoff,

If you prefer to have Bugbatter help you out instead, you are more than welcome to. In my 10+ years experience working on computers, when somebody has a slow start up, the instructions I gave you are what I perform on their computer. If the slowness problem isn't being caused by a virus, it will fix the problem and you will see a HUGE difference on how your computer starts up. By default, when you install a piece of software, it wants to start up when Windows starts up. Over a period of time, your computer gets congested with many different things. Sometimes, it will determine how fast your computer starts up too. If you are running 1GB of physical memory or less on your computer, that can be a huge problem with a lot of different programs starting up because all of those programs load into memory first. Disabling those programs from starting when Windows starts will free up your memory and your start up speed. Sometimes, spyware and malware can have a role in how well your computer performs. That's why I told you to download Spybot Search and Destroy. ATF Cleaner is a little tool that I use and give to clients. It cleans up a lot of junk that is not being used. Every little bit counts when it comes to performance of your computer. If you prefer to have Bugbatter help you out then she can help you. That's no problem. She is obviously very active in these Dell forums and knows what she is talking about too. You said you followed my instructions up until the ATF Cleaner. Did my instructions at least help out?

Chris

15 Posts

November 21st, 2009 14:00

Hi Chris,

Thanks for your advice. It has resolved the problem and the speed is great. Performance has improved, both connected and disconnected from the network and internet.

I think it is important to seek advice from one source only at a time and avoid any potential confusion, and would like to continue with your advice. I'll go ahead and download and run ATF Cleaner and let you know how it goes.

Is there any way of knowing what each of the programs identified by msconfig do? If any of the programs are malicious can they be removed entirely?

Thanks Geoff.  

14 Posts

November 22nd, 2009 00:00

Geoff,

You're welcome for my help. Glad everything is up and working great for you. I hope my advice worked for you. Let me know how you like ATF Cleaner too. It's a cool tool that I use a lot.

To answer your question, I sometimes do use msconfig to try to determine what is loading up when Windows loads up. Sometimes some viruses or malware will load when Windows loads up. So I go into msconfig and under the command column, you will most likely see a C:\ path where that particular file is located. You can tell if it's an Adobe file, Java file, Printer file because if you follow the path it will say "C:\Program Files\Adobe\Reader 9.0" so I know that this file is associated with Adobe. Since I know sometimes you will come across a system file under the C:\Windows\System32 I can tell that this file is a system file. Some malware or spyware do store themselves in the C:\Windows or C:\Windows\System32 directory. You just got to know what you are looking for. Sometimes you will come across a startup item and look over at the command column and it will show no path at all for it. So what I do is search the system for that file and it will tell me what directory that the file is stored in and you can determine what that file is used for. It's really tough to try to determine malicious software by the msconfig though. Sometimes it doesn't even show up in the msconfig menu. So that's where you have to look at the processes that are running in the background and start picking through which-is-which. Sometimes you can find a process that you do not recognize and search the system for it and delete it. Sometimes the file is in use and you are unable to delete the file. So you can always start in safe mode and get rid of it that way. OR you can download another helpful tool called "Unlock Me" that will free any locked folder or file so you can delete it.

http://www.brothersoft.com/unlock-me-download-165421.html

If you have any more questions let me know! Thanks Geoff.

Chris
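The path-based triage described in the post above, as an added example that is not part of the original thread: it reads autostart lines in HijackThis "O4" format and sorts each entry by where its file lives (vendor folder under Program Files, Windows directory, no path shown, or elsewhere). The sample lines are constructed, and the category names and advice strings are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, regardless of the OS this script runs on
import re

# Constructed sample in HijackThis "O4" (autostart) format; not taken from the poster's log.
SAMPLE_O4 = r'''
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] rundll32.exe "C:\Documents and Settings\user\Application Data\xyz.dll",Start
O4 - HKCU\..\Run: [helper] helper32.exe
O4 - Startup: Notes.lnk = C:\Program Files\Example\notes.exe
'''.strip().splitlines()

# Registry Run entries:  O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts:  O4 - Startup: name.lnk = command
LNK_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$')
# First file in a command line: quoted, or unquoted up to a known executable extension.
CMD_RE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|dll)))(?=[\s,]|$)(?P<rest>.*)$',
    re.I)

# Hypothetical advice text, one line per category.
ADVICE = {
    "vendor": "folder names a vendor; confirm that product is really installed",
    "system-dir": "Windows directory; malware hides here too, so verify the file",
    "no-path": "no path shown; search the disk to learn where the file lives",
    "other": "outside Program Files and Windows; identify it manually",
}


def image_path(cmd):
    """Return the file a startup command actually loads."""
    m = CMD_RE.match(cmd)
    if not m:
        return cmd.strip()
    path = m["q"] or m["u"]
    # rundll32.exe is only a host: the DLL in its first argument is the code that runs.
    if ntpath.basename(path).lower() == "rundll32.exe":
        arg = CMD_RE.match(m["rest"])
        if arg:
            path = arg["q"] or arg["u"]
    return path


def classify(path):
    """Map a file path to (category, detail) using the directory it sits in."""
    if not ntpath.dirname(path):
        return "no-path", ntpath.basename(path)
    _drive, tail = ntpath.splitdrive(ntpath.normpath(path))
    parts = [p for p in tail.split("\\") if p]
    top = parts[0].lower()
    if top == "program files" and len(parts) >= 3:
        return "vendor", parts[1]          # e.g. "Adobe"
    if top == "windows":
        return "system-dir", "\\".join(parts[:-1])
    return "other", "\\".join(parts[:-1])


def triage(lines):
    """Parse O4 lines and return one dict per recognised autostart entry."""
    rows = []
    for line in lines:
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        path = image_path(m["cmd"])
        category, detail = classify(path)
        rows.append({"name": m["name"], "path": path,
                     "category": category, "detail": detail})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_O4):
        print(f'{row["name"]:<28} {row["category"]:<11} {row["detail"]}')
        print(f'    {ADVICE[row["category"]]}')
```

A vendor-looking or system-looking path is only a starting point for review; the category says where to look next, not whether the file is safe.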

15 Posts

November 22nd, 2009 19:00

Hi Chris, thank you for your assistance. The original performance problem with my computer has been resolved for which I thank you. I think I will call it resolved. I do not feel strongly enough about the now 'dormant' programs or processes to start seeking them out and deleting them in case I inadvertently delete an important program and create a situation from which I can not retrieve.

Once Again Thanks and Regards Geoff.

 

20.5K Posts

November 22nd, 2009 21:00

Geoff,

You still have some security issues that your helper needs to address.

15 Posts

November 23rd, 2009 13:00

Thanks Bugbatter.

Chris, looks like I bailed prematurely. What next steps do you recommend?

Thanks Geoff.

15 Posts

November 25th, 2009 15:00

Hi Chris, any further recommendations to close this one out?

Thanks Geoff.

14 Posts

November 25th, 2009 19:00

Hey Geoff,

Sorry, was out of town for a few days for business. Nope, I don't have any more suggestions or recommendations for this issue if you say everything is working. Let me know if you have any more questions. Thanks Geoff! Happy Thanksgiving.

 

Chris

 

 

20.5K Posts

November 26th, 2009 05:00

Geoff, there is a reason why we have a list of trained analysts at the top of this forum.  Other members have good intentions, but we do malware cleaning in a prescribed manner and stay updated on infections and tool changes 24/7.  Anyone can jump into helping on the other Dell forums, and we encourage members to do that, but it is preferred for the safety of the users that the trained folks work these logs one-to-one. As long as everything is working well, I'm not going back to "square one" with you, however I do need to inform you of a couple of concerns. You may want to print these instructions so that you can follow them easily.

You have Viewpoint installed. Viewpoint developed a behavioral targeting product in 2006. Viewpoint is associated with a program called viewmgr.exe and the ViewPoint Media Player.
Viewpoint is bundled with AOL, AOL Instant Messenger, Adobe Atmosphere, Netscape 7, etc and sometimes not mentioned in the license agreement. Hardware manufacturers pre-install some of these applications.
ViewPoint Toolbar will redirect your search queries and also transmits non personally identifiable information back to their servers. The Viewpoint Toolbar is also classified as a threat in the CounterSpy Threat Library because it hijacks your search queries and also transmits non personally identifiable information back to their servers.
Viewpoint Manager is a media player often bundled with AIM software. Viewpoint Manager is a useless add on.
Because Viewpoint's software will track your web surfing and tailor advertisements based on the web pages you are visiting, I suggest you remove the program.
** Note: Removing Viewpoint Media Player may cause the program that bundled it to not function as intended. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc.
If you wish to remove Viewpoint, end process on ViewManager in Task Manager.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology

Then remove the Viewpoint folder in your Program Files.

Please remove ATF Cleaner. Reboot. 

Download and scan each user profile with CCleaner (a good utility to keep and use regularly and it cleans more than ATF Cleaner.):

http://www.ccleaner.com/download/builds

** Select to download the SLIM version.

** Because CCleaner removes everything in temp folders, if you have anything saved in a temp folder, back it up or move it to a permanent folder prior to running CCleaner.

** We will be cleaning cookies as well. Make a note of any passwords, etc. that you want to save. If you do not want to delete cookies, simply uncheck that option.

1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

2. Then select the items you wish to clean up. In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

3. Click the "Analyze" button. When the list of files comes up, click the "Run Cleaner" button.

4. A pop up box will appear advising this process will permanently delete files from your system.

5. Click "OK" and it will scan and clean your system.

6. Click "exit" when done. REBOOT.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 17 .
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
    Close Add/Remove.

  • In Windows Explorer, navigate to C:\Program Files\Java <= this folder. Delete any subfolders.
  • Do NOT delete C:\Program Files\JavaVM <= this folder, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

If everything is still running well....

Please flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

Go to Start > Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

 

You asked about Startup programs. You may want to check out Winpatrol.  Many of us security folks use that. There is a free version as well as a more comprehensive paid version. It will give you a description of your Startups and Services. http://www.winpatrol.com/

Free version is available on the d/l page: http://www.winpatrol.com/download.html

I'm sure I gave these to you the last time I worked with you, but again, here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

3. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Web Of Trust uses colored alerts to warn you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Red for Warning = STOP
  • Yellow for Use Caution
  • Green for Safe
  • Grey for Unknown

There is a Web Of Trust version for Firefox as well.

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.

Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates.

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html


"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

15 Posts

November 29th, 2009 17:00

Hi Bugbatter, I am very grateful that you kept an eye on this thread for me. Thanks for your follow up instructions on this. I have removed Viewpoint, run CCleaner, updated Java and re-run Malwarebytes which reported zero infections and zero malicious items.

Once again many thanks for your thorough and detailed approach. Kindest Regards Geoff.

PS: Whilst your instruction Chris rectified the immediate problem and I thank you for that, I was left a little uncomfortable that the underlying cause was not identified and that there still remained some tidy up. You obviously like to help and your assistance was much appreciated, can I suggest that you formalise your credentials on this forum by taking on the training and applying to become a trained analyst. Best Regards Geoff.
