Save the dell!!!!!

[imported_Zeke]

My parents have a dell Dim 4500 that is well, not running to its potential lets say. P4 2.0 256mb pc2700 geforce4 mx420 40gig hd with 7 gig free. Its a collosal mess, I've managed to get all the spyware off, cleaned the registry and such, but there is still an insanely long wait to get the thing to load once you selcet a user and log into windows. Some programs take 50 seconds to start up. There is a wierd dual blink after the system starts up..blinks to black twice very quick. They are fighting me on a full system wipe, which is my first instinct, anyone else have any ideas?

 

[imported_Zeke]

Oh and it won't let me stop other programs with taskmanager that are startedc by other user despite being logged in as the admin

 

[timswim78]

Originally posted by: Zeke
My parents have a dell Dim 4500 that is well, not running to its potential lets say. P4 2.0 256mb pc2700 geforce4 mx420 40gig hd with 7 gig free. Its a collosal mess, I've managed to get all the spyware off, cleaned the registry and such, but there is still an insanely long wait to get the thing to load once you selcet a user and log into windows. Some programs take 50 seconds to start up. There is a wierd dual blink after the system starts up..blinks to black twice very quick. They are fighting me on a full system wipe, which is my first instinct, anyone else have any ideas?

I would test the hdd first, then I think that this system sounds like an ideal candidate for a full system wipe. Just be sure to backup their files, and install SP2, antivirus, and spyware removers right away.

You could also try a repair installation before wiping out the hdd. I have had some good successes with repiar installations.

 

[MrChad]

Ok. First things first.

1. Do you have all of the latest Windows updates installed (including SP2) and beyond?
2. What antivirus are you using? Are your definitions up-to-date and have you performed a full system scan?
3. Run HijackThis and post your log here so we can take a look at it.

 

[Malak]

I recently had to do a full system wipe on my dad's emachine. Fact is, he was probably overrun by spyware. I'm going to install more protection this time around. I would suggest doing the same.

 

[imported_Zeke]

running webroot spysweeper, spybot S&D, Sp2 and all updates installed, 2002 updated norton antivirus, and I just switched the system over to firefox. Ill run hijack and post it.

 

[imported_Zeke]

Logfile of HijackThis v1.99.0
Scan saved at 11:15:53 AM, on 12/22/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barb\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.co...ize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}_ - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.co...s/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/...neSweeper.cab27571.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/downloa...alls/yinst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/15...QuickTimeInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50136/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/...ssengerStatsClient.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zu...lt/popcaploader_v5.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

[MrChad]

I would remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.co...ize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}_ - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/downloa...alls/yinst20040510.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50136/QDow_AS2.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab

 

[imported_Zeke]

ok removed aformentioned items, also noticed norton starting disabled

 

[Philippine Mango]

Ok first off try disabling EVERYTHING that starts up, don't do services just yet well actually disable services that didn't come with windows. So after your done disabling them all, restart the computer and see if its significantly faster. If its still slow, look up the HDD specs, you could have a 5400RPM hard drive which could explain it being slow. When you go about reenabling your programs for boot, programs like spy sweeper don't need to be running all the time, you should check out whats causing rundll32.exe to be running, I've noticed in past history the types of programs that require it to run can really cause the system to slow down, could be nothing.

Were you already running SP2? Did you install it a while ago and now that your working on the system your seeing a slow down? SP2 could be slowing your system down, thats where you will have to make the decision of better performance/less security (IMO it doesn't help much) or worse performance/"better security". Can't find much else here... Oh BTW a good way to see if the system is "really slow" is to do a timed test (preferably with a stop watch).

Get the timer ready and hit it soon as you press the power button (make sure the system boots to desktop automatically) and keep running the stop watch and only stop it when everything has fully loaded (including the stupid XP stalling crap which can take an additional minute). I've noticed that it takes my system 1 minute to JUST get to the desktop and 2 minutes to be fully loaded.

P4 3.5GHZ 250FSB
1GB Corsair Twinx PC4000 Ram
120GB Maxtor Drive 8MB cache, 80GB Maxtor drive
Creative Audigy 2 ZS
Lite-on 52x CDRW/DVD Combo
ATI Radeon 9800Pro

 

[imported_Zeke]

disabled everything in startup with msconfig, although zone alarm and norton managed to add themselves back in, still takes an excessive time to get fully into windows. The blinking didnt happen this time however

 

[bleeb]

man such a headache... just clean install that shiznit!...

Install sp2, antivirus, anti spyware, and all patches, install a firewall, and do system scans....

 

[imported_Zeke]

as I said before format is an absolute last resort

 

[bleeb]

Originally posted by: Zeke
as I said before format is an absolute last resort

as i'm saying again, just do the clean install!! =)

 

[Deskstar]

I have the very same machine and about the same age. It has been fully protected from day 1 from all viruses; spybot run regularly, etc.

Yet, it still managed to corrupt a windows boot file last night. Your problem may or may not be the same. I'll tell you what I did.

1. back up all important documents, the *.pst file, your Favorites. Write down all applications/programs that are loaded and find those install disks. You will probably have to reinstall them after a wipe. Find any icons or programs/games that may not show up in the list of software. Write down all of the utilities that you have installed; better is to backup another file "Downloads" into which all the utilties zip files or install files are placed. Find the CD with all your drivers on it if XP will no recognize them. write down your network group, passwords, everything.`
2. get yourself ready to mess up what you have now and lose internet access in the process
3. boot to the Windows CD and use the repair mode to fix things; in my case that did not work. It made matters worse because I could no longer boot from my hard drive at all
4. boot to the Windows CD and you have a choice to reinstall Win XP over the existing Windows installation (same disk, same partition) or do a full wipe. The reformat/reinstall/clean & wipe is the better of the two, unless you forgot something in your back ups.
5. You have already spent more time on tweaking than it would have taken to do a clean install. Just bite the bullet like I did; I now have a clean fully working machine whose image is backup automatically weekly.

My Dell delivers (now).

 

[AnonymouseUser]

Originally posted by: bleeb
man such a headache... just clean install that shiznit!...

Install sp2, antivirus, anti spyware, and all patches, install a firewall, and do system scans....

Just install Mandrake and be done with it. It isn't like they play games, is it? Sheesh.

 

[imported_Zeke]

Originally posted by: AnonymouseUser

Originally posted by: bleeb
man such a headache... just clean install that shiznit!...

Install sp2, antivirus, anti spyware, and all patches, install a firewall, and do system scans....

Just install Mandrake and be done with it. It isn't like they play games, is it? Sheesh.

You have no idea how tempting that sounds

 

[imported_Zeke]

on a more serious note, has anyone ever run into this blinking symptom before? once the blinks happen it seems to operate correctly.......

 

[SinNisTeR]

back up the actual data and reformat.

 

[AnonymouseUser]

Originally posted by: Zeke
on a more serious note, has anyone ever run into this blinking symptom before? once the blinks happen it seems to operate correctly.......

Actually, yes. It happens to me under XP with a Ti4200, and only started after updating the nVidia drivers (60 series). Not sure why it does this, though, but as soon as I boot XP the screen goes black for a couple of seconds then everything is fine.

 

[imported_Zeke]

I am running the 60 series, did you get one blink or two? I have two in a row that are very very brief

 

[AnonymouseUser]

Just one that lasts for ~3 seconds.

 

[imported_Zeke]

hmmm.....I have moved on from wanting to format and am now looking at reasonable options such as throwing it in the ocean and introducing it to my 15 pound sledge.

 

[Deskstar]

For $65 you can get online at ***egg a nice 80GB 7,200 rpm that runs like a champ. No extra charge for the sledge hammer for your old drive.

 

[mechBgon]

I've been working on an advice page for both initial setup and ongoing prevention of malware, and that is here. My focus there is on the fundamentals, hardening the OS and user accounts first as the foundation, and working from there up, instead of trying to hide the vulnerabilities under 50 Band-Aids.

Along with the more conventional preventive measures (anti-spyware apps, different browsers, patching, etc), you want to

1) secure the Administrator-class accounts with strong passwords to prevent Trojans and worms from doing a no-brainer exploit of the Admin powers or the administrative shares

2) if at all possible, have the computer's users use Limited accounts for their daily usage, and break out those Admin powers only as needed

3) educate them about how spyware and adware gets into their systems in the first place, so they don't go installing FREE SMILIES FOR YOUR EMAIL!!! or whatever "free" come-on is being used as bait

4) I would also install an antivirus program that recognizes spyware/adware. Norton Antivirus 2004 and 2005 and McAfee 8.0 and 9.0, I know they do. And fully configure them, like I tried to emphasize in my advice page there... don't leave it in Nerf mode


HTH