41 Posts

August 4th, 2005 06:00

Really Really Slow Computer

Logfile of HijackThis v1.99.1
Scan saved at 12:19:28 AM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CitiAnywhere\CA\IPInsight\IPClient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CitiAnywhere\CA\IPInsight\launchipi.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Willsbb\Desktop\CleanUp!\HijackThis-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CAPing] C:\Program Files\Common Files\Citianywhere\CAPing.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\CitiAnywhere\CA\IPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\CitiAnywhere\CA\IPInsight\IPMon32.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Visual IP InSight Client (Retail) (VisualLaunchIPI_Citigroup_Retail) - Visual Networks - C:\Program Files\CitiAnywhere\CA\IPInsight\launchipi.exe

My computer is running very slow. It lags like crazy. If someone could help me out I would greatly appreciate it.

94 Posts

August 4th, 2005 15:00

Hi
I'm Nick and I am going to try to help you with your problem.

Please take note of two things.

1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
2. The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

While I'm looking at your log can you tell if you recognise these processes?

C:\Program Files\CitiAnywhere\CA\IPInsight\IPClient.exe
c:\program files\neoteris\secure application manager\gapsp.dll

94 Posts

August 4th, 2005 18:00

Thanks

I'll be in touch.

41 Posts

August 4th, 2005 18:00

Those programs have to do with my work.

94 Posts

August 4th, 2005 19:00

Hi

I am assuming that you have already followed the forum instructions http://forums.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=41849 before posting the HijackThis log.

There are several programs on your system which are not strictly speaking Malware but do have "sponsorship" overheads that many find undesirable.

WeatherBug is adware unless you are using the paid-for Pro version. If you are then you can ignore any references to Weatherbug or the C:\Program Files\AWS\ .

IPinsight is installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required; it constantly "phones home" and wastes resources. (see http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453087795 for more information)
I will ignore IPInsight since you need it for work.

If you wish to remove Weatherbug (this is entirely up to you) I personally doubt if it is causing a massive slowdown of your system.
Go to Add/Remove Programs and uninstall the following (if present): <<=== Don't do this if you want to keep Weatherbug

WeatherBug


Now make sure no programs or windows are open.
Run HijackThis and click on Scan only
Put a check at the beginning of each of these lines. I have highlighted three lines that should be removed. The others are optional depending on your feeling about the two programs above.


O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing)
<<<<====== If you want to keep Weatherbug leave this line alone.
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Now open Windows Explorer and delete the following folders (if present):


C:\Program Files\AWS <<<<====== If you want to keep Weatherbug leave this line alone.
C:\Program Files\PartyPoker

Click Fix checked
Close HijackThis



Run Hijackthis and run a scan only. Post the new log here.

**********************
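The check-and-verify step in the post above can be done mechanically. The following is an added example, not part of the original thread and not part of HijackThis: it pulls the entries HijackThis marks `(no file)` or `(file missing)` out of a log and lists which entries disappeared between two scans. The function names are this example's own, and the sample lines are copied from the logs posted in this thread.

```python
import re

# A HijackThis item line starts with a section code (R0, O2, O16, ...) and " - ".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the file an entry points to is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)


def parse_items(log_text):
    """Return (section, detail) pairs; header and running-process lines are skipped."""
    items = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.append((match.group(1), match.group(2).strip()))
    return items


def orphaned(items):
    """Entries whose target file is gone: leftover registry references."""
    return [item for item in items if ORPHAN_RE.search(item[1])]


def removed_between(before_log, after_log):
    """Entries present in the first scan that no longer appear in the second."""
    remaining = set(parse_items(after_log))
    return [item for item in parse_items(before_log) if item not in remaining]


# Sample input: lines copied from the first and second logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
"""

if __name__ == "__main__":
    for section, detail in orphaned(parse_items(BEFORE)):
        print("orphaned:", section, detail)
    for section, detail in removed_between(BEFORE, AFTER):
        print("removed: ", section, detail)
```

An entry that is still listed by `orphaned()` after the fix was not removed; an entry in `removed_between()` that nobody asked to remove is worth a second look before the next reboot.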

41 Posts

August 4th, 2005 21:00

Logfile of HijackThis v1.99.1
Scan saved at 3:40:17 PM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ICO.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Citianywhere\CAPing.exe
C:\Program Files\CitiAnywhere\CA\IPInsight\IPClient.exe
C:\Program Files\CitiAnywhere\CA\IPInsight\IPMon32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CitiAnywhere\CA\IPInsight\launchipi.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Willsbb\Desktop\CleanUp!\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CAPing] C:\Program Files\Common Files\Citianywhere\CAPing.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\CitiAnywhere\CA\IPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\CitiAnywhere\CA\IPInsight\IPMon32.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Visual IP InSight Client (Retail) (VisualLaunchIPI_Citigroup_Retail) - Visual Networks - C:\Program Files\CitiAnywhere\CA\IPInsight\launchipi.exe

41 Posts

August 4th, 2005 22:00

Thx u, and I have a question: how can I stop unneeded exes from running when I start my computer?

94 Posts

August 4th, 2005 22:00

Depends on the program.
Some have the option to run or not run in their toolbars.
Others put themselves in the start>all programs>startup folder.

Be careful you don't stop something you need.
If you have specific problems try the Dell XP forum.

94 Posts

August 4th, 2005 22:00

Hi

Your log is now clean and so any further slowdowns don't appear to be malware related.

I notice that you still have not loaded SP2 for XP. We find that when it tries to autodownload -especially on a dialup modem- the system slows down dramatically. Although I can't see any specific signs of this happening you should consider upgrading in any event.

This is my usual advice when logs are clear. Please read it and consider the pertinent sections.

Good luck


You have a clean Log. Sleep soundly .........after you do the following :-
Enable restore points
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply
Click OK.

Update with SP2
Visit Windows Update and follow the onscreen instructions to download and install SP2.
This is a time consuming process, even with a fast connection. If you use a dial-up connection you should consider getting a FREE copy directly from Microsoft or get a friend with a fast connection to burn a copy of the upgrade to CD for you.

Update Windows regularly

Manually:

Visit Windows Update on a weekly/fortnightly REGULAR basis.

Automatically:
On the Desktop, right-click My Computer.
Click Properties.
Click on Automatic Updates
Check the option of choice (I use Automatic (Recommended)).
If you use dial-up I would recommend using the Notify Me option so that you can download when you can afford the time and bandwidth overheads.
Select the Day/Time of choice
Click Apply
Click OK



Secure your web browser
Open Internet Explorer and click on the Tools menu and then click on Options.
Click on Security
Click the Internet icon
Click on Custom Level.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
Change the Allow paste operations via script to Disable
Click on OK
Save (if asked).
Click on Apply button
Click on OK


Alternatively you could use another browser such as
Mozilla Firefox
Opera or
Netscape


Get Some Protection
The following programs are useful in the fight against Malware. Best of all, they're FREE.
Download and install any or all. Be warned though ---- Unless you keep them regularly updated you are living with a false sense of security.


Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
Spybot Search & Destroy - Similar to Ad-Aware but more configurable and incorporates TeaTimer, a memory resident utility that protects the system registry. I recommend using both of these in tandem.
Spyware Blaster - Prevents the addition of ActiveX Controls on your machines by isolating the system registry.
IE_Spyad - Uses the inbuilt IE restriction policy to stop your browser from opening web pages in a much enhanced list of undesirable addresses.
Tutorial


A good is essential. AVG is one of the better known, and trusted, antivirals.

And Finally.........Lock the door with a Firewall. XP comes with its own simple firewall but I prefer to substitute it with ZoneAlarm.



Remember, Paranoia is a state of mind.
I mind who watches me.