• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
gideon

Sluggish performance, and funny characters in Word file

12 posts in this topic

My system has been very sluggish. Takes a while to boot up completely. When shutting down, it frequently comes back with an error trying to shut down one process or another. It then requires another shutdown to actually shut down. There is a slight pause before it opens a newly launched IE browser or folder. While running some of the recommended spyware tools such as Ad-Aware, Spybot, HijackThis, CWSshredder, etc., it typically comes back with one bad thing or another. After fixing those, they typically come back.

 

In addition, I opened a Word file that I previously created, and some of the letters were replaced by strange characters and faces at the top. This has happened to me in the past. I removed the file and restored it from a good copy I had saved away. The new copy exhibited the same behavior.

 

 

*********************************************************

 

 

Here is the AVG Anti-Spyware report:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:33:13 PM 5/30/2007

 

+ Scan result:

 

 

 

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.

 

 

::Report end

 

 

*********************************************************

 

 

Here is the HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:44:30 PM, on 5/30/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\Atiptaxx.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\PROGRA~1\MICROS~3\wcescomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Palm\hotsync.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\System32\rsvp.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Edited by gideon

Share this post


Link to post
Share on other sites

I ran Kaspersky Online Scanner, and it identified several infected and suspicious files. It also skipped past a bunch of locked objects.

 

Scan Statistics were as follows:

 

Scan Statistics

Total number of scanned objects 42009

Number of viruses found 3

Number of infected objects 14

Number of suspicious objects 6

Duration of the scan process 03:02:16

 

The file level details included files infected with the following viruses:

 

Suspicious: Exploit.HTML.Iframe.FileDownload

Infected: Email-Worm.Win32.Klez.h

Mail MS Mail: infected - 1, suspicious - 2

Infected: not-a-virus:NetTool.Win32.PsKill

Mail MS Mail: infected - 9, suspicious - 2

 

Based on the identification of Klez above, downloaded FixKlez.com from Symantec and ran it in Safe Mode. The tool ran for a while and eventually indicated that Klez was not found. FixKlez.log contents were as follows:

 

Neither W32.Klez.gen@mm nor W32.ElKern.gen

were found on your computer.

Edited by gideon

Share this post


Link to post
Share on other sites

Went ahead and removed eTrust EZ A/V and Zone Alarm firewall, as well as AVG Anti-Spyware and the ActiveX components of Kaspersky Scan and Panda ActiveScan. Installed Kaspersky A/V trial version, and ran a full scan/fix with Kaspersky A/V. Then uninstalled Kaspersky A/V, and re-installed AVG Anti-Spyware and re-ran full scan/fix. Then uninstalled AVG, and installed McAfee SecurityCenter (A/V, Anti Spyware, Firewall), and ran A/V, Anti Spyware, and Cleanup services through McAfee. It did not seem to identify anything peculiar but the cleanup did update approximately 100 resgistry entries. Re-downloaded and ran Kaspersky Scan and Panda Active Scan. Both appear to show the same problems they identified before. It is interesting to note that Kaspersky scan still identified the same problem which its own A/V software apparently did not fix.

 

The machine is still sluggish, and the Word file still has a few straneg characters at the top. Another interesting note is that the letters appear like strange characters even though their font appears to be correct, and when converting to HTML or cutting and pasting in another tool the actual correct letters are displayed (i.e., they only appear like strange charcters in the Word file). As such, I am still unable to send out this Word file. Appreciate any help you can provide in resolving these issues!

 

Here are the latest scan results:

 

**********************************************************************************

 

AVG Scan:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 2:21:10 AM 6/3/2007

 

+ Scan result:

 

 

 

HKLM\SOFTWARE\Classes\AppID\{90A52F08-64AC-4DC6-9D7D-4516670275D3} -> Adware.RogueSuspect : Cleaned.

HKLM\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} -> Adware.RogueSuspect : Cleaned.

HKLM\SOFTWARE\Classes\TypeLib\{90A52F08-64AC-4DC6-9D7D-4516670275D3} -> Adware.RogueSuspect : Cleaned.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} -> Adware.RogueSuspect : Cleaned.

 

 

::Report end

 

**********************************************************************************

 

Kaspersky Scan (in addition to 67 locked objects):

 

Scan Statistics

Total number of scanned objects 40779

Number of viruses found 3

Number of infected objects 13

Number of suspicious objects 4

Duration of the scan process 03:07:48

 

Suspicious: Exploit.HTML.Iframe.FileDownload

Infected: Email-Worm.Win32.Klez.h

Suspicious: Exploit.HTML.Iframe.FileDownload

Mail MS Mail: infected - 1, suspicious - 2

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Infected: not-a-virus:NetTool.Win32.PsKill

Mail MS Mail: infected - 8

Suspicious: Exploit.HTML.Iframe.FileDownload

Infected: Email-Worm.Win32.Klez.h

Suspicious: Exploit.HTML.Iframe.FileDownload

Mail MS Mail: infected - 1, suspicious - 2

 

**********************************************************************************

 

Panda ActiveScan:

 

Incident Status Location

 

Adware:adware/cws.searchmeup Not disinfected c:\new.exe

Adware:adware/cws Not disinfected C:\Documents and Settings\administrator\Favorites\Fun & Games

Adware:adware/ist.istbar Not disinfected Windows Registry

Adware:adware/superspider Not disinfected Windows Registry

Adware:adware/delta Not disinfected Windows Registry

Adware:adware/sbsoft Not disinfected Windows Registry

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\administrator\Cookies\administrator@go[2].txt

 

**********************************************************************************

 

HijackThis Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 7:05:28 PM, on 6/3/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\Atiptaxx.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\PROGRA~1\MICROS~3\wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Palm\hotsync.exe

C:\WINNT\System32\rsvp.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0204741180839797) (0204741180839797mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\020474~1.EXE (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

Edited by gideon

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

Nothing suspicious was found on your log.

 

Let me know what problem remains I will see what I can do to help.

Share this post


Link to post
Share on other sites

Hi nasdaq,

 

Thanks for reviewing the logs. Good to hear there is nothing suspicious, but I am still experiencing the problems I described. The primary problems are as follows:

 

1. The Word document still shows a few letters at the top as strange characters, even though these apparently are the correct characters when copied/pasted into another Windows application. I suspect there is something wrong with my font file, but not sure how to fix it.

 

2. System is still sluggish and takes a long time to boot up. When launching an IE window, it takes anywhere from a minimum of 5 seconds up to 10-15 seconds for the window to actually show up (blank home page). I tried shutting down any unnecessary services, but still same issue.

 

3. The Klez identification with Kaspersky was against a OST file with a lot of information, yet none of the A/V or anti-spyware tools appeared to have removed it. I am somewhat concerned about the implications if I tried to open up the OST file.

 

Appreciate any help you can provide in resolving these issues.

 

Thanks!

Share this post


Link to post
Share on other sites
1. The Word document still shows a few letters at the top as strange characters, even though these apparently are the correct characters when copied/pasted into another Windows application. I suspect there is something wrong with my font file, but not sure how to fix it.

 

Have you tried to change the Endoding used by the program?

 

Go to View > Encoding. Change it. Mine is set To Western European.

It does not matter which one you have change it and then change is back to what ever you need. Sometimes by changing a setting the registry is reset.

 

2. System is still sluggish and takes a long time to boot up. When launching an IE window, it takes anywhere from a minimum of 5 seconds up to 10-15 seconds for the window to actually show up (blank home page). I tried shutting down any unnecessary services, but still same issue.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

    [*]Click the Remove or Change/Remove button.

    [*]Repeat as many times as necessary to remove each Java versions. <- important.

    [*]Reboot your computer once all Java components are removed.

    [*]Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

 

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

3. The Klez identification with Kaspersky was against a OST file with a lot of information, yet none of the A/V or anti-spyware tools appeared to have removed it. I am somewhat concerned about the implications if I tried to open up the OST file.

Read about the .OST file/folder. Decide what you want to do with it.

 

http://office.microsoft.com/en-us/results.aspx?qu=.ost+file

 

=*=

 

Delete this folder in bold.

C:\Program Files\Common Files\Real\WeatherBug\

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.cvs report.

Include a fresh HijackThis log for review.

 

Let me know what problem persists.

Share this post


Link to post
Share on other sites

Hi,

 

Thanks for providing the information below. Here is the feedback/results for the actions you suggested:

 

Have you tried to change the Endoding used by the program?

 

Go to View > Encoding. Change it. Mine is set To Western European.

It does not matter which one you have change it and then change is back to what ever you need. Sometimes by changing a setting the registry is reset.

 

The application is Microsoft Office Word 2003, as this is a Word document. Unlike IE, there is no Encoding option under the View menu. Do you have any other suggestion on how to potentially fix the problem? If it helps, I can attach an image of what I see on the screen. I should also mention that the Font in this document is New Century Schoolbook. However, if I go into Microsoft Word and bring up a blank document and try to select the Font, I don't see the New Century Schoolbook listed. This is why I suggested in a previous post that I suspected this may have something to do with a corrupt Font file.

 

Updating Java

 

I went ahead and removed the old JRE (only found one - J2SE Runtime Environment 5.0 Update 6) and installed the new one. It does not seem to have any impact on the performance.

 

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

I have actually already looked at this article and followed some of the suggestions before posting my original message. Things that I have done based on this article were to shut down unnecessary services (including both running StartUpLite and manually reviewing and shutting down unnecesssary services based on another article), disabled automatic logon to Yahoo Messenger and Skype which appeared to be memory hogs, reduced the folder size for temporary internet files from around 750MB to 50MB, removed extraneous A/V and anti-spyware programs (replaced by McAfee SecurityCenter), removed a couple of old programs that are no longer necessary, ran cleanup of extraneous files (including Ccleaner and McAfee cleaner), and ran Defragment the hard drive. Many of this things I have done before, but I repeated them as part of the cleanup process.

 

Read about the .OST file/folder. Decide what you want to do with it.

 

http://office.microsoft.com/en-us/results.aspx?qu=.ost+file

 

It appears I may have addressed the Klez issue by running BitDefender. This one appears to have actually removed the extraneous file/link named "you are.scr" from the OST file and fixed the correct link. I have not been able to verify if there is a problem with the OST file after the fix, since Outlook refuses to open properly at this time. It is trying to open a PST file that resides on a transient auxiliary hard drive which is not attached to the laptop at this time. I removed the auxiliary drive as a precaution once I suspected the Virus/antispyware issues, but can easily put it back. It still puzzles me that Outlook would not open and ignore the unavailability of the PST file that was previously there. There are still some other suspected issues (Exploit.HTML.Iframe.FileDownload, and Infected: not-a-virus:NetTool.Win32.PsKill.a) with some files including the OST file that are still being detected by Kaspersky, but Klez is no longer being detected by Kaspersky. I subsequently removed BitDefender.

 

Delete this folder in bold.

C:\Program Files\Common Files\Real\WeatherBug\

 

Removed this folder.

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

 

I went ahead and ran the express scan. It identified one item as a suspected backdoor trojan. However, this appears to be a valid item (mps.exe - McAfee Privacy Service) based on other posts. I did not remove it and then ran a full scan against the hard drive. It came back with a handful of items (including repeat identification of mps.exe) that also appear to be valid entries from Spybot S+D and McAfee. Just to be sure, I wanted to list out the items here to get a confirmation from you, before I remove these items. Here are the items that were identified (and listed in the saved CSV log file):

 

mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;;

regLocal.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups;Probably SCRIPT.Virus;;

mcinst.exe;C:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;;

InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;;

mps.exe;C:\Program Files\McAfee\MPS;Probably BACKDOOR.Trojan;;

 

I would appreciate the feeback as to whether I should go ahead and remove any of these items using Dr.Web CureIt.

 

Include a fresh HijackThis log for review.

 

Here is the latest HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:57:06 AM, on 6/27/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINNT\system32\Atiptaxx.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\MICROS~3\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\D-Link Air\Airdwl.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Palm\hotsync.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINNT\System32\rsvp.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: D-Link Air Utility.lnk = C:\Program Files\D-Link Air\Airdwl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

 

http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

 

Let me know what problem persists.

 

The strange characters (as well as some messed up formatting due to last word in each line spilling over to the next line) in the Word document are still there.

 

The computer is still running slow, takes a while to boot up, takes a while to launch an IE browser, and occasionally displays a message about running out of Virtual memory. Granted, this laptop only had 256MB, but it is still running W2K which does not require as much memory and used to run much faster. I suspect some of the sluggishness is due to added bulk in newer version of Yahoo Messenger and Skype, as well as some of the McAfee services. However, it appears the the extreme sluggishness (such as taking 5-20 seconds for an IE browser to show up) happened almost overnight at some point and perhaps can be fixed somehow. It appears there may be some remnant processes that are left over from SBC/Yahoo DSL (currently using Comcast cable for high-speed connection) which can be removed. McAfee services appear to be resource hogs, but the sluggishness started when I was still running CA's eTrust EZ A/V which was much lighter. If there are any McAfee services that are not really necessary, I can certainly disable those if recommended. Not sure if there are also lighter versions of some of the other programs (e.g. Yahoo Messenger) that I should be running instead. Obviously upgrading the hardware is also an option, but that would basically mean having to scrap this laptop. It would be great if I can get it back to the state/speed it was running a couple of months ago.

 

Thanks for any suggestions you can provide to address either the Word file issue or the sluggishness (as well as address any virus/spyware issues you can see).

Edited by gideon

Share this post


Link to post
Share on other sites

http://support.microsoft.com/kb/822129/en-us

Office 2003 requires 400 MB of available hard-disk space. Hard disk requirements vary, depending on your configuration. Custom installation choices may require more or less hard disk space.

 

Look at the other requirements.

 

Running out of Virtual memory is from not having enough RAM. May be your fonts problem as well.

 

Unless you are able to add RAM you will always have problem with this program.

 

=*=

 

Make sure the operating system is managing the Virtual Memory. In the Windows Help file look for Virtual Memory. Follow the recommendations.

 

=*=

 

This is a service hog.

 

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

Hijackthis will stop and disable the service. It won't delete the service, so don't worry. If you want to re-enable it again, go to start > run and type: services.msc.

There you'll see a list of all services present. Search for "Google Updater Service", doubleclick it and set the startuptype to automatic if you want to enable it again.

 

If you fix this item make sure you restart the computer to reset the registry.

 

=*=

 

You may want to try this FreeRam tool.

http://www.softpedia.com/get/Tweak/Memory-...RAM-XPlus.shtml

 

=*=

 

Let me know where we stand.

Share this post


Link to post
Share on other sites

Hi,

 

Here are the updates based on last set of suggestions:

 

http://support.microsoft.com/kb/822129/en-us

Office 2003 requires 400 MB of available hard-disk space. Hard disk requirements vary, depending on your configuration. Custom installation choices may require more or less hard disk space.

 

Look at the other requirements.

 

Running out of Virtual memory is from not having enough RAM. May be your fonts problem as well.

 

Unless you are able to add RAM you will always have problem with this program.

 

Not sure I understand the issue with the 400MB hard-disk requirement. This is a requirement for installing the application suite (i.e. for the program files themselves), which is already installed and loaded. In addition, I still have over 6GB of free hard-disk space, so there should not be an issue around that requirement.

 

In terms of memory (RAM) requirement, Microsoft recommends:

 

"Microsoft recommends that your computer have a minimum of 128 MB of RAM. An additional 8 MB of RAM are required for each Office 2003 program that runs at the same time."

 

This laptop has 256MB of RAM and anywhere from 56-128MB of RAM free at steady state, so there should not be any virtual memory issues with this set of applications. Office 2003 is a bundle of standard applications (Word, Excel, PowerPoint) that have been loaded on most Windows laptops and desktops for over 10 years (including older versions). Office 2003 has been loaded and running on this laptop for over 3 years with no performance issues, but the performance problems happened fairly suddenly about 2 months ago. If some applications are the cause, I would expect it would be updates that I have loaded for things like Yahoo Messenger and Kype, or some other problem. It is very strange that suddenly it takes 20 seconds to load IE for the first time after a reboot, and about 5 seconds every other time, where it used to take under 1 second.

 

This is a service hog.

 

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

Used HijackThis to remove this and rebooted based on your instructions.

 

You may want to try this FreeRam tool.

http://www.softpedia.com/get/Tweak/Memory-...RAM-XPlus.shtml

 

Downloaded this application and installed it on my laptop. I now have a small icon showing me free RAM at all times on the tray on the right. Seems to be steady at around 55MB while adding this post and having HijackThis and NotePad running. I tried both the Minimum and Maximum Optimization Modes, but neither seems to have any effect on performance.

 

Let me know where we stand.

 

Still have the issues with the strange characters and formatting on the particular Word file I mentioned. Also, performance is still very slow. As I mentioned before, the degredation to this sluggish behavior happened fairly suddenly, so I would imagine there's got to be some way to resolve it and get it back to the state it was before.

 

Thanks for your continued support!

 

Here is the latest HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 5:31:54 PM, on 6/27/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINNT\system32\Atiptaxx.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\MICROS~3\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\D-Link Air\Airdwl.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Palm\hotsync.exe

C:\WINNT\System32\rsvp.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\FreeRAM\Freeram.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [FreeRAM] C:\Program Files\FreeRAM\FreeRAM.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: D-Link Air Utility.lnk = C:\Program Files\D-Link Air\Airdwl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

 

http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

Share this post


Link to post
Share on other sites

Sorry about the RAM and Disk space. I'm trying to do to much at the same time.

 

The problem with your font is unknown to me. My only thought on this is possible some bad templates.

Hope you can find some solution here. If not contact Microsoft.

 

http://support.microsoft.com/search/defaul...mp;x=12&y=9

 

the degredation to this sluggish behavior happened fairly suddenly, so I would imagine there's got to be some way to resolve it and get it back to the state it was before

All I have to work with are the logs and I do not see anything suspicious.

 

Try this tool.

 

StartUpLite is a lightweight program that can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system.

 

Simply download StartUpLite from http://www.malwarebytes.org/startuplite.php and save it to a convenient location. Double click on StartUpLite.exe. Select all options you would like executed and select continue.

 

More information on the site.

 

Disable some of the 3rd party software. See if you can see an improvement when programs are disable which may lead to a solution.

 

===

 

Check for confict in your Hardware and or driver issues.

 

Start > Settings > control panel > System > Device Manager

Look at all the items and make sure you do not see any Yellow Exclamation point that would indicate that an action is required.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0