HJT Log System Slow Disk Busy

Author	All Replies
RJHere join:2004-11-17	HJT Log System Slow Disk Busy My laptop started to suddenly run slow. When it is slow the disk light is on constantly. I used the task manager utility to check the processed when this is happening. There is no process using very much CPU only the disk is busy and using task manager I am not able to find a process that is making the disk busy. I have Symantec antivirus install and I ran a scan but found nothing. I ran Spybot S&D and it found DoubleClick, FunWeb, FunWebProducts, MyWay.MyWebSearch, MyWebSearch, Web Trends Live and Wild Tangent. I uninstalled Wild Tangent and let Spybot fix the other problems. I then ran Ad-Aware se and it found MyWebSearch and I had it fix that. Then I ran the web-based McAfee antivirus and it found nothing. I ran the web-based Trendmicro Housecall and it found cookies and nothing elese. Then I ran CWShredder and nothing was found. The problem persists so I ran HJT and this is the log that it produced. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:17:29 AM, on 4/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »us.rd.yahoo.com/customize/ie/def···rch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »us.rd.yahoo.com/customize/ie/def···ahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Search - ?p=ZU O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - »wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - »www.kaspersky.com/kos/eng/partne···code.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···46690671 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9445 bytes I hope that this information is helpful for solving my problem. Thanks
RJHere join:2004-11-17	to forum · permalink · · 2008-04-09 08:51:54 ·
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL moderated: April 9th, @06:22PM	No hiding infection there :) The MyWebSearch mostly likely came pre-installed on your Dell computer. It is best removed via the Control Panel under Add/Remove programs - although it is not harmful really,nor the cause of your symptoms. But the scanners did not completely remove it (possibly because you may have had your browser open during scanning). And some do not detect it because it is not harmful or malicious. See if this is listed in your Add/Remove programs and remove it from there (with all browsed closed) MYWEBSEARCH BAR Then reboot the PC After reboot, scan with HijackThis and if the following entries are still present, you can checkmark these two and press the fix checked button. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S Subsequently delete the following folder, if found: C:\PROGRAM FILES\MYWEBSEARCH BAR ........... And on a side note (not related at to your problem) is that your Sun Java is very outdated and security risk. Old versions left on your pc, even after updating can be vulnerable to malware exploit. Go to Start / Control Panel and look in Add/Remove programs. Remove all old versions of Sun Java. They will appear in the "J's" something similar to: j2re1.4.2_05 or JAVA 2 RUNTIME ENVIROMENT SE V1.4.2_03 JAVA 2 RUNTIME ENVIROMENT SE V.14.2_06 (or similar, and there may be more than one. Remove them all) Then go get the latest up to date version here: http://www.java.com/en/download/manual.jsp Here's why removing old versions of Sun Java is important: Potential Vulnerability with Sun Java auto update http://www.dslreports.com/forum/remark,14738046 This is a vulnerability in that Sun Java new updated versions do not remove prior vulnerable versions. You will have to remember to do that manually whenever you update your Sun Java. ............ We could take a little deeper look to ensure there is nothing hiding with this free tool. Please post the logs it makes back here for review: Download Deckard's System Scanner (DSS) http://www.techsupportforum.com/sectools/Deckard/dss.exe Save the file to your Desktop. Note: You must be logged onto an account with administrator privileges. []Close* all applications and windows. []Double-click* on dss.exe to run it, and follow the prompts. []When the scan is complete, two text files will open - main.txt* [color=Red]extra.txt[color=Red](Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2008 Proud Member of ASAP (Alliance of Security Analysis Professionals)
	to forum · permalink · · 2008-04-09 18:13:04 ·
RJHere join:2004-11-17	Thanks for the help on this problem. I was stupid, I should have checked the hardware first. The problem is that there is a bad block on the hard drive. As you stated at the top "No hiding infection there ". This made me think about the problem and look a little deeper, but I should have done this first. I do very much appreciate the time you took with this problem. I will also take advantage of the suggestions for updating the java runtime. Thanks again, problem fixed.
RJHere join:2004-11-17	to forum · permalink · · 2008-04-11 09:19:56 ·
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	reply to RJHere Glad to hear you found the problem And I'm glad your system isn't infected too!
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	to forum · permalink · · 2008-04-14 21:22:01 ·


Sunday, 27-Jul 00:54:17	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact 8th year online! © 1999-2008 dslreports.com.republican-creole page compression OFF