Status
Not open for further replies.
1 - 16 of 16 Posts

·
Registered
Joined
·
20 Posts
Discussion Starter · #1 ·
Hi.

I hope I am posting this on the correct forum. After submitting my first problem a while ago and getting a solution here, I hope you can help again.

For some reason my Windows XP installation suddenly takes long to log in.

It is quick to the logon screen, but then when I enter my username it takes VERY long to load my personal settings and then get to the Desktop.

One of the other symptoms is that Outlook cannot connect to my Exchange server, but I can ping it. No error messages come up at all, and I am at a loss where to start looking next.

I think it might be a program that installed via the internet.

I have run AVG Anti Spyware, with no result. Trend Office Scan also found no virus infected files on my PC.

I have attached a Hijack This log file.

Please help!
Thank you,
Connaboy
 


·
Registered
Joined
·
3,895 Posts
log
Logfile of HijackThis v1.99.1
Scan saved at 4:41:05 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\NX2E79.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Virus Repair Tools\Hijack\HijackThis.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?a6ad111c7275442387408925f2b0e3c7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?a6ad111c7275442387408925f2b0e3c7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.30.0.3:4343/officescan/console/html/AtxEnc.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - https://172.30.0.3:4343/officescan/console/html/AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://172.30.0.3:4343/officescan/console/html/AtxPie.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = frontierinn.co.za
O17 - HKLM\Software\..\Telephony: DomainName = frontierinn.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2C1408-9BD5-473D-A3B9-239C36A750A0}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B031AC-BEE8-4712-99DA-A333E161EED3}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = frontierinn.co.za
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #5 ·
Sorry about the misconception, Teck. It looks like it might be a network related issue.

When the PC boots up, it is fast until it gets to the Windows screen, Applying computer settings. Then it takes a while to get to the logon screen. Once I enter my network logon information it takes up to 15 minutes to get to my desktop.

When I try to access our in house Exchange server, it does not connect at all.... I can ping it though, without any problems.

I have used my logon on a different PC without any problems at all.
 

·
Registered
Joined
·
309 Posts
Java is for better security only. Won't make anything run faster.

Computer specs please.

And once the computer is running, go into Task Manager and tell us what processes are chewin' up your CPU.
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #9 ·
As requested, here follows my PC Specs :


DELL GX520
512 Mb RAM
Pentium D 3Ghz CPU
Intel on board VGA (224mb?)
80 Gb HDD (62Mb Free)
Software :
Microsoft XP Pro (32-bit)
Internet Explorer 7
Running on a Domain

Please let me know if you need more info on the PC.

Here is a screen shot of Task Manager. I hope this gives you more information.

Connaboy

PS : I have just logged on with my roaming profile on another PC. No problems.
Regular applications I've been using get absolutely no access to the network, so there must be something blocking network access.
 


·
Registered
Joined
·
45,855 Posts
Any idea what this is in your process list?

C:\WINDOWS\TEMP\NX2E79.EXE

Is it, or something similar from the temp directory, repeating?

Try doing some "clean booting" to see if you can isolate the culprit.

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

See this link for detailed information:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

Now restart and test the issue at hand.

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in "selective" startup mode - you should note what these are before beginning. They will need to be de-selected again.
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #11 ·
Hi Rollin' Rog.

I've noticed the NX2E79 entry.

I don't know what it is.... I've tried searching for the file on my hdd, after reboot, but could not find it. I DID however find another program in the TEMP directory, which had the same icon, but different filename. I rebooted into safe mode and cleaned the TEMP directory.

I could find no reference as to where the file is being loaded though.

I've just used the msconfig utility to disable everything and I am going to do selective re-activation of all the entries.

I will reply with the results, as soon as I can.

Connaboy
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #12 ·
For anyone interested, here is a bit of feedback.

I have narrowed the problem down to a Microsoft service that is causing the problems. I still have to isolate which one though.

I am running SFC /SCANNOW to make sure all the windows files are correct.

When I get more information, I will report back.

Connaboy
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #13 ·
Okay found a couple of DLL files that were missing, according to SFC, but it still did not solve my problem, and I cannot seem to get my finger on the service that is causing the problem.

If anyone has a thought, please let me know.

Thank you
 

·
Registered
Joined
·
45,855 Posts
Are you seeing any running processes still from the temp directory -- or in fact any new and unexplained ones?

You can disable most Microsoft services. The ones to avoid disabling are the "remote procedure call (rpc)", a very critical service which should never be disabled, and the System Restore service (SRService). If you disable the latter it will wipe out your restore points.

You can use this link as a guide to configuring services:

http://smallvoid.com/tweak/winnt/services.html

Perhaps you should try running a rootkit detector. Unfortunately there are some that these will not detect.

http://www.f-secure.com/blacklight/
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
 

·
Registered
Joined
·
3,148 Posts
Connaboy said:
Okay found a couple of DLL files that were missing, according to SFC, but it still did not solve my problem, and I cannot seem to get my finger on the service that is causing the problem.

If anyone has a thought, please let me know.

Thank you
Some MS sp2 services were causing problems before (10/06), and were supposedly being worked on. By now, they're probably still a problem...:D

http://forums.techguy.org/tech-tips-tricks/514811-slow-xp-boot-dig.html?highlight=slow+XP+boot
 

·
Registered
Joined
·
20 Posts
Discussion Starter · #16 ·
O.k Ppl.... I feel just stupid ....

I found the problem. My idiot colleague went and changed some of the TCP/IP settings. Changed them back to the original settings and everything works fine now.

Sorry for the inconvenience (sp?) but THANK YOU very much to all the people who tried to help me.

Connaboy
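
The fix reported above was in the TCP/IP settings, which HijackThis records on its O17 lines. As an added example (not part of any post in this thread), this Python script pulls the O17 NameServer values and any process running from a TEMP directory out of a HijackThis log and reports name servers that are not on an expected list; the sample text is an excerpt of the log posted earlier, and the expected resolver 172.30.0.10 is an assumed value.

```python
import ipaddress
import re

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\NX2E79.EXE
C:\WINDOWS\Explorer.EXE

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = frontierinn.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2C1408-9BD5-473D-A3B9-239C36A750A0}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
"""
EXPECTED_DNS = ["172.30.0.10"]  # assumed internal resolver, not from the thread
O17_NS = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)

def temp_processes(log):
    """Running-process paths located under a TEMP/TMP directory."""
    # The process list runs from its header to the first blank line.
    body = log.replace("\r\n", "\n").partition("Running processes:\n")[2]
    procs = body.split("\n\n", 1)[0].splitlines()
    return [p.strip() for p in procs if TEMP_DIR.search(p)]

def name_servers(log):
    """Map each O17 registry key to its list of NameServer values."""
    found = {}
    for line in map(str.strip, log.splitlines()):
        m = O17_NS.match(line)
        if m:  # HijackThis prints comma- and space-separated lists
            found[m["key"]] = re.split(r"[,\s]+", m["value"])
    return found

def unexpected_resolvers(log, expected):
    """Sorted NameServer values that are not in the expected list."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    flagged = set()
    for servers in name_servers(log).values():
        for s in servers:
            try:
                ok = ipaddress.ip_address(s) in allowed
            except ValueError:
                ok = False  # not an IP literal: report it as well
            if not ok:
                flagged.add(s)
    return sorted(flagged)

if __name__ == "__main__":
    print("TEMP processes:", temp_processes(SAMPLE_LOG))
    print("Unexpected DNS:", unexpected_resolvers(SAMPLE_LOG, EXPECTED_DNS))
```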
 