Am I infected, or just old?


This topic is locked
7 replies to this topic

#1 nw_mike (Members, 11 posts)

Posted 28 August 2010 - 04:40 PM

Hello

I have a 5 year old laptop that just recently has seemed to slow down...even when I'm only running one or 2 applications. I have run all the Ad-Aware, CCleaner, Norton scans etc., but slowness continues.

Want to know if I've got some infection not found by these tools...or maybe it's just about time for an upgrade?


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 12:09:15.46 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.70 [GMT -7:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/advanced_search?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: AwesomeBestShoppingTipsProgram: {6b0da396-2dee-e4c6-d02b-575ff7159670} - AwesomeBestShoppingTipsProgram
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5477/mcfscan.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-24 23:43:03 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-24 23:43:03 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-24 23:43:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-24 23:43:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-25 00:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-23 18:34:22 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 12:10:48.48 ===============
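For anyone reading the DDS log above, a way to get the same first look by script. This is an added example, not part of the thread and not code from the DDS tool: it parses the add-on (BHO/TB), Run and search-setting lines of the Pseudo HJT section into records and applies the checks a responder does by eye. The sample excerpt is constructed from lines of the log above; EXPECTED_HOSTS, the "not a .dll path" rule and the Run-entry rule are assumptions chosen for the example, and a flag is a prompt to explain an entry, not a verdict on the machine.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example; not part of the thread and not code from the DDS tool.
Heuristics (triage prompts, not verdicts):
  - add-on (BHO/TB) registrations whose file is "No File" are orphans;
  - add-ons whose target is not a .dll path cannot load and need an explanation;
  - search/start-page settings whose host is not an expected provider
    (EXPECTED_HOSTS below is an assumption for this example) suggest a hijack;
  - Run entries whose executable carries no directory component are worth a look.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample in the shape of the log posted above (DDS writes "hxxp"
# so that URLs in the log are not clickable).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AwesomeBestShoppingTipsProgram: {6b0da396-2dee-e4c6-d02b-575ff7159670} - AwesomeBestShoppingTipsProgram
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Apoint] c:\program files\apoint\Apoint.exe
"""

EXPECTED_HOSTS = {"google.com"}  # assumption: the search provider this user expects

GUID = r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
RE_ADDON = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?" + GUID + r" - (?P<target>.+)$")
RE_RUN = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_URL = re.compile(r"^(?P<key>[^=]+?) = (?P<url>(?:hxxp|http)s?://\S+)$", re.I)


@dataclass
class Finding:
    severity: str   # "suspicious" or "info"
    entry: str      # the log line that triggered it
    reason: str


def parse_hjt(text: str) -> Tuple[List[Dict], List[Dict], List[Dict]]:
    """Split the section into add-on, Run and URL-setting records."""
    addons, runs, urls = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RE_ADDON.match(line)):
            addons.append({**m.groupdict(), "line": line})
        elif (m := RE_RUN.match(line)):
            runs.append({**m.groupdict(), "line": line})
        elif (m := RE_URL.match(line)):
            urls.append({**m.groupdict(), "line": line})
    return addons, runs, urls


def host_of(defanged_url: str) -> str:
    """Refang hxxp -> http and return the lower-cased hostname."""
    return (urlparse(re.sub(r"^hxxp", "http", defanged_url, flags=re.I)).hostname or "").lower()


def exe_of(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(text: str, expected_hosts=EXPECTED_HOSTS) -> List[Finding]:
    addons, runs, urls = parse_hjt(text)
    out: List[Finding] = []
    for a in addons:
        target = a["target"].strip()
        if target.lower() == "no file":
            out.append(Finding("info", a["line"], "orphaned registration: file is gone, entry should be removed"))
        elif not target.lower().endswith(".dll"):
            out.append(Finding("suspicious", a["line"], f"{a['kind']} target {target!r} is not a DLL path; unexplained add-on"))
    for u in urls:
        host = host_of(u["url"])
        if not any(host == h or host.endswith("." + h) for h in expected_hosts):
            out.append(Finding("suspicious", u["line"], f"{u['key'].strip()} points at {host}, not an expected provider"))
    for r in runs:
        exe = exe_of(r["cmd"])
        if "\\" not in exe and not exe.startswith("%"):
            out.append(Finding("info", r["line"], f"Run entry {r['name']} has no directory component: {exe}"))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.reason}\n    {f.entry}")
```

Run as a script it prints the findings for the constructed excerpt: the two "No File" entries come out as leftovers to clean up, and the add-on with a bare name as its target plus the two search bars pointing at hosts outside the expected set are what the heuristics pull out for a closer look. Widen `expected_hosts` to whatever providers the user actually chose and the URL findings fall away.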

#2 Noviciate (Malware Response Team, 5,277 posts)

Posted 28 August 2010 - 05:02 PM

Good evening. :)

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.

#3 nw_mike (Topic Starter)

Posted 31 August 2010 - 09:54 PM

Here it is


Partition ID: Disk #0, Partition #0
Size: 54.88 MB

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #1
Size: 70.9 GB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #2
Size: 3.58 GB

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Dell Inc.
Name: Phoenix ROM BIOS PLUS Version 1.10 A05
Status: OK

This is the primary BIOS.

~~~~~~~~~~~~~~~~~~~~~~~~
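One thing a responder reads off a report like the one above is whether the disk still carries a vendor recovery partition, since that is what makes a factory restore such as Dell PC Restore possible without the install discs. As an added example (not the Preformat.vbs script, whose source the thread does not show), here is a parser for that report plus a heuristic check for such a layout. The size bands (a utility partition under 200 MB before the boot partition, a 1 to 16 GB partition after it) and the Dell-vendor test are assumptions for the example; the sample report is the one posted above.

```python
"""Parse the Preformat.txt report posted above and pick out the partition
layout a vendor factory-restore check cares about.

Added example; the thread does not show Preformat.vbs's source and this is
not it. The size bands (utility partition under 200 MB before the boot
partition, recovery image of 1 to 16 GB after it) are assumptions for this
example, modelled on the Dell layout in the report.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the report posted above, copied in shape.
SAMPLE_REPORT = """\
Partition ID: Disk #0, Partition #0
Size: 54.88 MB

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #1
Size: 70.9 GB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #2
Size: 3.58 GB

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Dell Inc.
Name: Phoenix ROM BIOS PLUS Version 1.10 A05
Status: OK

This is the primary BIOS.
"""

TO_MB = {"KB": 1 / 1024, "MB": 1.0, "GB": 1024.0, "TB": 1024.0 * 1024}
RE_PART = re.compile(r"Partition ID: Disk #(\d+), Partition #(\d+)")
RE_SIZE = re.compile(r"Size: ([\d.]+) (KB|MB|GB|TB)")


def parse_report(text: str) -> Tuple[List[Dict], Dict[str, str]]:
    """Return (partitions, bios) from the ~~~-separated blocks of the report."""
    parts: List[Dict] = []
    bios: Dict[str, str] = {}
    for block in re.split(r"^~+\s*$", text, flags=re.M):
        block = block.strip()
        if not block:
            continue
        pm = RE_PART.search(block)
        if pm:
            sm = RE_SIZE.search(block)
            if not sm:
                raise ValueError(f"partition block without a size: {block!r}")
            parts.append({
                "disk": int(pm.group(1)),
                "index": int(pm.group(2)),
                "size_mb": round(float(sm.group(1)) * TO_MB[sm.group(2)], 2),
                "boot": "boots from this partition" in block,
            })
        elif block.startswith("BIOS"):
            for line in block.splitlines():
                if ": " in line:
                    key, value = line.split(": ", 1)
                    bios[key.strip()] = value.strip()
    return parts, bios


def assess_restore_layout(parts: List[Dict], bios: Dict[str, str]) -> Dict:
    """Heuristic: is there a vendor recovery layout around the boot partition?"""
    vendor = bios.get("BIOS Manufacturer", "")
    boot = next((p for p in parts if p["boot"]), None)
    if boot is None:
        return {"vendor": vendor, "boot": None, "utility": None,
                "recovery": None, "restore_plausible": False}
    others = [p for p in parts if p["disk"] == boot["disk"] and not p["boot"]]
    # Assumed size bands (see module docstring).
    utility = next((p for p in others if p["index"] < boot["index"] and p["size_mb"] < 200), None)
    recovery = next((p for p in others if p["index"] > boot["index"]
                     and 1024 <= p["size_mb"] <= 16 * 1024), None)
    return {
        "vendor": vendor,
        "boot": boot,
        "utility": utility,
        "recovery": recovery,
        # Dell PC Restore is held on a recovery partition; with no such
        # partition the factory restore is not available and install media is needed.
        "restore_plausible": vendor.startswith("Dell") and recovery is not None,
    }


if __name__ == "__main__":
    parts, bios = parse_report(SAMPLE_REPORT)
    result = assess_restore_layout(parts, bios)
    print(f"vendor={result['vendor']!r} boot=#{result['boot']['index']} "
          f"recovery=#{result['recovery']['index'] if result['recovery'] else None} "
          f"restore_plausible={result['restore_plausible']}")
```

Feed it the report and it returns the boot partition, the small partition in front of it and the few-GB partition behind it; if the recovery candidate is missing, the factory restore route is out and the reinstall has to come from discs, which is the decision the rest of the thread turns on.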

#4 Noviciate (Malware Response Team, 5,277 posts)

Posted 01 September 2010 - 02:33 PM

Good evening. :)

Can you tell me the make and model of your PC - I'm guessing that it's a Dell.

So long, and thanks for all the fish.

#5 nw_mike (Topic Starter)

Posted 01 September 2010 - 08:53 PM

Yes, it's a Dell Inspiron 9300.


Some tech details, in case it helps:

Feature: Details
PC Manufacturer: Dell Inc.
Model: Inspiron 9300
Motherboard Manufacturer: Dell Inc.
Product:
CPU: Intel® Pentium® M processor 1.60GHz
Version: x86 Family 6 Model 13 Stepping 8
Data Width: 32bits
L2 Cache Size: 2,048Kb
Approximate Current Clock Speed: 798Mhz
Approximate Maximum Clock Speed: 1,596Mhz
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A05
Date: 9/18/2005
Version: DELL - 27d50913
Memory slots available on motherboard: 2
Memory Chip: DIMM_A
RAM: 256Mb
Speed: 533ns
Memory Chip: DIMM_B
RAM: 256Mb
Speed: 533ns
Motherboard Device: ATI MOBILITY Radeon X300
Status: On
Motherboard Device: Sigmatel 9750
Status: On
System Slot: PCMCIA 0
Status: Available
System Slot: MiniPCI
Status: Available
CD Drive: SONY DVD+-RW DW-D56A
Media Type: CD-ROM
Video Manufacturer: ATI Technologies Inc.
Video Card: ATI MOBILITY RADEON X300
RAM: 128Mb
Mode: 1680 x 1050 x 4294967296 colors
Driver: ati2dvag.dll
Date: 8/4/2005
Version: 6.14.10.6561
Hard Disk Model: FUJITSU MHT2080AH
Interface: IDE
Network Adapter: Broadcom 440x 10/100 Integrated Controller
Service Name: bcm4sbxp
Network Adapter: Dell Wireless 1350 WLAN Mini-PCI Card
Service Name: BCM43XX
Network Adapter: 1394 Net Adapter
Service Name: NIC1394
Sound Manufacturer: SigmaTel
Model: SigmaTel C-Major Audio
Printer: Send To Microsoft OneNote 2010 Driver
Printer: PrintMessenger
Web Site: http://www.efi.com/
Printer: Microsoft XPS Document Writer
Printer: HP Officejet 6300 series
Printer: HP LaserJet 4L
Web Site: http://go.microsoft.com/fwlink/?LinkID=37&...mp;sbp=Printers
Printer: EPSON Stylus Photo R800
Web Site: http://support.epson.com
Printer: Amyuni PDF Converter 2.07
Number of Logical CPUs Active: 1



#6 Noviciate (Malware Response Team, 5,277 posts)

Posted 02 September 2010 - 02:04 PM

Good evening. :)

It's not the age of the PC itself that is of interest to me, it's the age of the Windows installation. According to one of the logs that you posted, you are still using the original installation and this is probably the cause of your system slowness.
While Windows will run happily for months and months without attention, after a long period of time all the detritus from installing/uninstalling and updating software eventually drags the system down and the only real cure is to reinstall the operating system.
I tend to do this every year or so, depending on how badly the slowdown affects my system, but I know people who reinstall every six months without fail.

While you may have the discs that came with the PC and can use them to reinstall, it is easier in your case to use something called Dell PC Restore that is built into your computer - bless Dell! The manual for the computer that can be downloaded here tells you how to access this utility on page 77.

This basically turns back the clock on your PC and when it finally reboots it will be as if you had turned the machine on for the very first time. This does however mean that you will need to back up any important data as it will be made unavailable once the system has reset, so make this your very first task.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The process will go something like this:

Step 1. Back up all important data - twice if it's really important and you don't want to lose anything to dodgy discs.
Step 2. Dig out your security program disc as you will need to install this BEFORE you go back online - if you don't have one or prefer to run something other than Norton, I can provide links to free software instead.
Step 3. Run Dell PC Restore.
Step 4. Install security programs.
Step 5. Update security programs - you want to be protected BEFORE you go online for the first time.
Step 6. Go to Windows Updates and allow your machine to be updated - this will take some time, but you want it to be up-to-date to be as secure as possible.

Once you've done the above, the rest of the weekend is your own!

Please ask any questions that you have BEFORE you do something you later wish you hadn't!

So long, and thanks for all the fish.

#7 nw_mike (Topic Starter)

Posted 03 September 2010 - 09:19 PM

So, don't see any signs of infection? Good to know.

Yes, my windows installation is the original with a gazillion updates along the way. I'll take your advice and follow your steps. Will be a couple of weeks from now as I have to travel (thankfully not with this laptop!). I'll post again the result.

Thanks

#8 Noviciate (Malware Response Team, 5,277 posts)

Posted 16 September 2010 - 02:32 PM

As there has been no post for nearly a fortnight, this thread is now closed.

So long, and thanks for all the fish.
