Odd System Performance and Appearance of Undesirable Image during boot

This Acer laptop is performing slowly and since downloading files recently there is a new and objectionable image that displays during the boot process.

I have run memorywatcher uninst.exe and Ad-Aware. I deleted all objects found by Ad-Aware and rebooted the system.

I ran HijackThis. The log is listed below.

Your help with this will be appreciated.ùù

crmurr

 

Hello crmurr,

I am not seeing your HJT log. Could you copy and paste it again here.

 

I was in the "Ready, Fire, Aim" mode when I posted.

Sorry.

Here is the log:
Logfile of HijackThis v1.97.7
Scan saved at 12:12:40 PM, on 6/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\File comuni\Symantec Shared\SymTray.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\rmctrl.exe
C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\CyberBuddy\CyberBud.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Tiziano\Desktop\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bispado.org.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programmi\E-Book Systems\FlipAlbum 5 Pro Eval\fplaunch.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINNT\system32\rmctrl.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Programmi\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PowerDVD] C:\Programmi\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CyberBuddy.lnk = C:\Programmi\CyberBuddy\CyberBud.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38149.3989699074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF874F2D-4CA6-43F3-B9B2-2D2D28A57201}: NameServer = 10.0.0.1

 

Hello,

I am not seeing much with your log.

Start by going to this link: (It will tell you how to delete your temp files)
http://www.personal-computer-tutor.com/deletingtempfiles.htm

Empty the recycle bin.

Delete the contents of the "temp internet files" folder and completely delete the cache folders by doing this:

Open Internet Explorer. Then click on TOOLS in the top toolbar. Click on "Internet Options..." from the drop-down menu.
A new smaller window will display. Under the "General" tab, in the middle, are 3 buttons.
Click the Delete Cookies button - then a small warning box pops up. Click OK.
Click the Delete Files button - a small warning box pops us. Check the box for "Delete all offline content" and click OK.
Then on the same General tab, click Clear History, then click OK.


Download Spybot S&D Check for Updates first, download ALL Updates and Do a Scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

Let me know how that goes and if that helps.

 

Taz, thanks for the guidance.

I ran the procedures you specified. There were about 40 temporary files and folders identified in the search using the wildcards provided by the recommended website. About a dozen of those would not allow deletion but disappeared after rebooting.

There were apparently a lot of Temp Internet Files that were deleted from IE; it took about a minute for the deletion to finish. No problem with deleting cookies and history in IE.

Spybot identified only two items and removed them. We had run Ad-Aware prior to posting the Hijack log yesterday.

The objectionable image still appears during part of the boot process ( before Desktop icons appear ). It also appears after pressing Ctl-Alt-Delete.

Do you have any guidance on where to look for the offending image?

The performance of the system continues to be very sluggish, but there is a lot of stuff installed and a number of items that start when the system boots.

Thanks again and hope to hear from you about the continuing issue.

crmurr

 

Hi crmurr,

Can you find desktop.ini , open it in notepad and post the content.

Regards,

Pieter

 

Pieter,

Sorry for the delayed response.

When I opened Desktop Properties and looked at the list of screen background files there was nothing unusual. I then set the background to <None>. After that change the offending background image no longer appeared.

I do not have access to the problem system right now. I will get the desktop.ini at the next opportunity and post.

Thanks,

crmurr