• Status: Solved

Dell laptop slow and some software won't run

We have a Dell Lat D420 running XP, with 2.5 gigs of RAM. It takes about 10 min 40 sec just to get to a login; once logged in,
everything is super slow. This machine has been around the world, connected to LANs in England, China, Japan, and Australia.
I can't find anything wrong with it. Now, suddenly, when connecting to Sprint through a mobile broadband connection, the message "You don't have sufficient privileges to connect to the network." appears. It looks like a Windows security dialog box but is titled "Dell Mobile Broadband Card Utility: Error Connecting". No matter what user... Dell wants me to reinstall from scratch... the whole system... There is a lot of data and MS Office on this machine, so I am trying to avoid starting from scratch...
Below is a HijackThis log... Please help...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55 AM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Dell Mobile Broadband\DMBCU.exe
C:\PROGRA~1\Dell\DELLMO~1\Phoenix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2669177365-3707458066-21986910-500\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Adminvpc')
O4 - HKUS\S-1-5-21-2669177365-3707458066-21986910-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Adminvpc')
O4 - HKUS\S-1-5-21-2669177365-3707458066-21986910-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Adminvpc')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.jpmorganaccess.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183042773250
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v21.148/qboax10.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 5805 bytes

Asked by: Vincent Costanza
 
Dirtpatch-Jenkins Commented:
I would go through the standard routine first... boot into safe mode.

Go to Start - Run - type in msconfig - click the Startup tab and remove any unwanted / suspect apps from loading at start.

Go to Control Panel, Add/Remove Programs, and remove unwanted or suspect apps.

Run a virus and adware scan.

0
 
Vincent Costanza (Owner, Author) Commented:
Did all that, nothing found. At present all startups are disabled... same issues...
0
 
Dirtpatch-Jenkins Commented:
Unless I'm overlooking something, I don't see anything in the HijackThis report that looks nefarious.

How much disk space do you have free? I've seen similar behavior in systems with critically low HD space.

Also might be a cluttered registry.

If you are low on HD space, clear some up and defrag...

Run a registry cleaner if you have one.

Here's a link to Registry Mechanic... it's a free download for the trial, but I'm not sure how the trial works; it may only do a portion of its job or it may do it all for 30 days... just not sure.

http://www.pctools.com/registry-mechanic/

0
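For readers following the HijackThis review in the post above, this is an added example (not part of the original thread and not code from HijackThis) that groups log entries by section code and lists O23 service entries carrying the "(file missing)" or "Unknown owner" markers. The sample lines are copied from the log in the question; the function names and the wording of the review reasons are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.jpmorganaccess.com
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# What each section code in the sample lists (HijackThis conventions).
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O15": "IE Trusted Zone site",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"
SERVICE_PREFIX = "Service: "


def parse_entries(text):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a file-missing flag."""
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    parts = body.rsplit(" - ", 2)  # the display name may itself contain " - "
    if len(parts) != 3 or not parts[0].startswith(SERVICE_PREFIX):
        return None
    name, owner, path = parts
    return {"name": name[len(SERVICE_PREFIX):], "owner": owner,
            "path": path, "missing": missing}


def triage(text):
    """Count entries per section and list O23 services worth a manual look."""
    entries = parse_entries(text)
    counts = Counter(code for code, _ in entries)
    review = []
    for code, body in entries:
        service = parse_service(body) if code == "O23" else None
        if service is None:
            continue
        reasons = []
        if service["missing"]:
            reasons.append("binary missing on disk")
        if service["owner"] == "Unknown owner":
            reasons.append("no owner reported")
        if reasons:
            review.append((service["name"], reasons))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    for code, n in sorted(counts.items()):
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for name, reasons in review:
        print(f"review: {name}: {', '.join(reasons)}")
```

Neither marker is a verdict on its own; a missing binary is commonly a leftover service registration from an uninstalled product, so the follow-up is to check the path and the service configuration by hand.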

 
Vincent Costanza (Owner, Author) Commented:
80 gig disk with 65 gig free... Yes, I did a defrag... ran a regcleaner...
This one really has me stumped... I remember when I took the system out of the box... how impressed I was with the speed. When the 1 gig LAN was hooked to our 10 meg cable WAN... it would just POP...
0
 
Dirtpatch-Jenkins Commented:
You can download a free evaluation of a great diagnostic tool here:
http://www.lavalys.com/

It may help to isolate any hardware problems... did you run a registry scan?
0
 
Vincent Costanza (Owner, Author) Commented:
OK, great, I will try the tool...
As far as hardware, Dell laptops have hardware diagnostics built into the motherboard on ROM {hold the FN key while powering up}. Some nice tools; they take about 3 hrs just to test dual processors with 2.5 gigs of RAM... All tests passed. I ran the same diag on another Dell just to see if it took too long; it took about the same time on a laptop with 2 gig... and a slower processor... so I was happy with the results... Then it takes you to another hardware diag utility on a hidden partition; it tested the hard drive extensively for another hour... So I am happy the hardware is OK...
Yes, I did a reg scan... with Norton Utilities; it went fine. Maybe I could try another one, I will look... and I will still try Lavalys...
0
 
Dirtpatch-Jenkins Commented:
I'm kind of at a loss... the virus scans are clean... the hardware is benchmarking OK... hmm.

I'll do some research on it.

0
 
Dirtpatch-Jenkins Commented:
Before you get to the point of re-installation, which won't help anyway if it's a hardware issue, try this disk...

http://knopper.net/knoppix/

It's a Linux live CD; just download and burn it, then boot into it... I'm wondering if the system is still laggy with a "fresh" OS.

Plus you get the added benefit of having a Linux OS to fool around with if you want.
0
 
rpggamergirl Commented:
What software won't run?
Have you tried scanning for rootkits?
Also scan with Combofix and show us the log file to check for any malicious entries.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop (If it won't run, re-download and rename it before saving to your desktop)
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 
Vincent Costanza (Owner, Author) Commented:
OK, RPG...
Here is the combofix log...
See anything unusual?

ComboFix 09-02-21.01 - Veronica 2009-02-22 22:51:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1636 [GMT -6:00]
Running from: d:\combofix\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\windows\IE4 Error Log.txt
 
.
(((((((((((((((((((((((((   Files Created from 2009-01-23 to 2009-02-23  )))))))))))))))))))))))))))))))
.
 
2009-02-21 15:39 . 2006-12-29 00:31	19,569	--a------	c:\windows\[u]0[/u]00001_.tmp
2009-02-21 12:00 . 2009-02-21 12:00	<DIR>	d--------	c:\documents and settings\Veronica\Application Data\Sonic
2009-02-21 11:57 . 2009-02-21 11:57	<DIR>	d--------	c:\documents and settings\Veronica\Application Data\Leadertech
2009-02-21 11:18 . 2009-02-21 11:18	<DIR>	d--------	c:\program files\Trend Micro
2009-02-19 11:50 . 2009-02-19 11:50	<DIR>	d--------	c:\program files\Common Files\Zeepe Framework 7
2009-02-03 14:31 . 2008-12-05 03:52	36,272	-r-------	c:\windows\system32\drivers\SymIM.sys
2009-02-03 14:30 . 2009-02-03 14:30	124,464	--a------	c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-03 14:30 . 2009-02-03 14:30	60,808	--a------	c:\windows\system32\S32EVNT1.DLL
2009-02-03 14:30 . 2009-02-03 14:30	10,635	--a------	c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-03 14:30 . 2009-02-03 14:30	806	--a------	c:\windows\system32\drivers\SYMEVENT.INF
2009-02-03 14:27 . 2009-02-03 14:32	<DIR>	d--------	c:\windows\system32\drivers\NAV
2009-02-03 14:27 . 2009-02-03 14:27	<DIR>	d--------	c:\program files\Windows Sidebar
2009-02-03 14:27 . 2009-02-03 14:27	<DIR>	d--------	c:\program files\Norton AntiVirus
2009-02-03 14:25 . 2009-02-03 14:27	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Norton
2009-02-03 14:21 . 2009-02-04 18:03	<DIR>	d--------	c:\program files\NortonInstaller
2009-02-03 14:21 . 2009-02-03 14:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-03 14:14 . 2009-02-03 14:15	<DIR>	d--------	C:\SEP
2009-02-03 12:45 . 2009-02-03 12:45	<DIR>	d--------	c:\windows\system32\scripting
2009-02-03 12:45 . 2009-02-03 12:45	<DIR>	d--------	c:\windows\system32\en
2009-02-03 12:45 . 2009-02-03 12:45	<DIR>	d--------	c:\windows\system32\bits
2009-02-03 12:45 . 2009-02-03 12:45	<DIR>	d--------	c:\windows\l2schemas
2009-02-03 12:32 . 2009-02-03 12:32	<DIR>	d--------	c:\windows\ServicePackFiles
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 17:50	---------	d-----w	c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-02-12 19:09	---------	d-----w	c:\program files\Broadcom
2009-02-12 19:08	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-02-12 19:08	---------	d-----w	c:\program files\Wave Systems Corp
2009-02-12 18:50	---------	d-----w	c:\program files\Roxio
2009-02-12 17:52	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 20:15	---------	d-----w	c:\program files\WorkgroupShare Client
2009-02-04 02:51	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-03 20:32	---------	d-----w	c:\documents and settings\All Users\Application Data\Symantec
2009-02-03 20:30	---------	d-----w	c:\program files\Symantec
2008-12-12 17:01	3,067,904	------w	c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57	333,952	------w	c:\windows\system32\dllcache\srv.sys
2007-12-08 18:47	40,136	------w	c:\documents and settings\Veronica\Application Data\GDIPFONTCACHEV1.DAT
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-r------- 2005-10-06 22:13 176128 c:\program files\Apoint\Apoint.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--------- 2006-11-22 16:35 1392640 c:\windows\system32\WLTRAY.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--------- 2007-02-20 11:29 1191936 c:\program files\Dell\QuickSet\quickset.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--------- 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--------- 2005-12-13 01:41 77824 c:\windows\system32\hkcmd.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--------- 2005-12-13 01:45 118784 c:\windows\system32\igfxpers.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--------- 2005-12-13 01:44 98304 c:\windows\system32\igfxtray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--------- 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--------- 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray]
--a------ 2007-05-01 17:12 331851 c:\program files\Dell\Dell Mobile Broadband\systray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2006-03-24 01:30 282624 c:\windows\stsystra.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:RPC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
 
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-03 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-03 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-03 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090217.002\IDSxpx86.sys [2009-02-19 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-03 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-04 99376]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-03-22 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-03-22 92288]
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - NTLMSSP
.
Contents of the 'Scheduled Tasks' folder
 
2009-02-12 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2008-04-13 18:12]
.
- - - - ORPHANS REMOVED - - - -
 
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
 
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: jpmorganaccess.com
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 22:54:08
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-02-22 22:58:00
ComboFix-quarantined-files.txt  2009-02-23 04:57:47
 
Pre-Run: 41,723,334,656 bytes free
Post-Run: 41,992,433,664 bytes free
 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
167	--- E O F ---	2009-02-23 04:18:04


0
 
Vincent Costanza (Owner, Author) Commented:
Dirtpatch...
The system ran fine, very snappy, under Knoppix and Unix... Also passed another Dell hardware test...
Just no clue what's making it so slow under Windows XP Pro...
0
 
Dirtpatch-Jenkins Commented:
I don't see anything in the ComboFix log either...

When you're booted up and running, hit Ctrl-Alt-Del and click the Processes tab.
What are the CPU usage and commit charge? Are there any processes that seem to be using a lot more CPU than the others? More mem?

I may not be making any friends here, but I'm not a big fan of Norton... I would boot into safe mode and uninstall it to see... (worth booting into safe mode anyway just to see if it's slow in safe mode). I've seen Norton do some goofy stuff before and it wouldn't surprise me if it was the culprit here as well.

The diagnostics, as well as it running smoothly with a live CD, pretty much rule out it being a hardware issue...

0
 
Vincent Costanza (Owner, Author) Commented:
Basically 99 System Idle Process...
I will try the uninstall of Norton and let you know...
 
0
