| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 100154 | 2009-05-28 01:11:00 | reallly slow boot | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 777563 | 2009-05-28 01:11:00 | Windows XP SP2 P4 2.8Ghz 1 Gb ram 80Gb hdd boots to the desktop picture - then hangs for approx 5 minutes, then the icons appear and everything seems to operate fine from there. I have: chkdsk /r : no change checked ram: passed checked hdd: passed Malwarebyytes: removed Hijack.controlpanelstyle did a repair install from the Windows XP cd Comondo registry: 945 any suggestions on speeding up the boot Thank you |
NZHawk (4093) | ||
| 777564 | 2009-05-28 01:16:00 | You should be careful, with registry cleaners. Some do more damage than good. Use something better than comodo registry cleaner. Its probably wiped something that was needed. Use something like glary utilties. It may do a better job | Speedy Gonzales (78) | ||
| 777565 | 2009-05-28 02:29:00 | Ran garyutilities and still takes a long time through the complete boot. | NZHawk (4093) | ||
| 777566 | 2009-05-28 02:32:00 | If you havent posted a hjt log for this pc before, post it now | Speedy Gonzales (78) | ||
| 777567 | 2009-05-28 02:36:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:36:58 p.m., on 28/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe C:\WINDOWS\system32\wscntfy.exe C:\heap41a\svchost.exe C:\heap41a\svchost.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe C:\Program Files\MINDAlink\mlp_manager.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Brownie\brpjp04a.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Documents and Settings\New user\Desktop\2 Cleaning Tools\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www,grabaseat.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe" O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKLM\..\Policies\Explorer\Run: [status] present O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: FirebirdGuardianDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE O23 - Service: FirebirdServerDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5777 bytes |
NZHawk (4093) | ||
| 777568 | 2009-05-28 02:46:00 | You've got something. Tick these then tick fix checked. Disable system restore. Close browsers. May pay to update windows after as well This is a worm (www.sophos.com) If you use usb flash drives on this system, DON'T connect anything to it, until you fix this Delete this folder AFTER C:\heap41a\svchost.exe C:\heap41a\svchost.exe Uninstall Askbar O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Policies\Explorer\Run: [status] present O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') Get another virus scanner, get trojan remover after you tick the above, do another scan, then select all options under utilities As the Sophos site says: <Temp>\MicrosoftPowerPoint\2.mp3 - can be safely removed <Temp>\MicrosoftPowerPoint\drivelist.txt - can be safely removed <Temp>\MicrosoftPowerPoint\Icon.ico - can be safely removed <Temp>\MicrosoftPowerPoint\Install.txt - detected as W32/AHKHeap-A <Temp>\MicrosoftPowerPoint\pathlist.txt - can be safely removed <Temp>\MicrosoftPowerPoint\svchost.exe - can be safely removed C:\heap41a\2.mp3 - can be safely removed C:\heap41a\drivelist.txt - can be safely removed C:\heap41a\Icon.ico - can be safely removed C:\heap41a\reproduce.txt - detected as W32/AHKHeap-A C:\heap41a\script1.txt - detected as W32/AHKHeap-A C:\heap41a\std.txt - detected as W32/AHKHeap-A C:\heap41a\svchost.exe - can be safely removed C:\heap41a\offspring\autorun.inf - detected as W32/AHKHeap-A W32/AHKHeap-A attempts to periodically copy itself to removeable drives and USB keys. The worm will attempt to create a hidden file Autorun.inf on the removeable drive and copy itself to the removeable drive as MicrosoftPowerPoint.exe. The file Autorun.inf is designed to start the worm once the removeable drive is connected to a uninfected computer. The following registry entries are set to run W32/AHKHeap-A on startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run status present HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run winlogon C:\heap41a\svchost.exe C:\heap41a\std.txt The following registry entry is set: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 0 |
Speedy Gonzales (78) | ||
| 777569 | 2009-05-28 03:56:00 | WHY YOUR PC SLOWS DOWN OVER TIME 1) Not enough RAM, Win XP needs 512mb to run properly, Vista should have at least 1GB. 2) Spyware. 3) Windows Bloat The longer you use Windows, the more disordered your registry can become, especially if you regularly install and uninstall software. Many applications, on being uninstalled, leave behind “orphan” registry entries. They don’t remove all traces of themselves; causing problems such as sluggish performance, system lockups, or a bloated registry that takes longer to load on startup. Also the NTFS file system contains a file called the master file table (MFT). There is at least one entry in the MFT for every file on an NTFS volume, including the MFT itself. All information about a file, including its size, time and date stamps, permissions, and data content is either stored in MFT entries or in space external to the MFT but described by the MFT entries. As files are added to an NTFS volume, more entries are added to the MFT and so the MFT increases in size. When files are deleted from an NTFS volume, their MFT entries are marked as free and may be reused, but the MFT does not shrink. Thus, space used by these entries is not reclaimed from the disk. Utilities that defragment NTFS volumes cannot move MFT entries, and excessive fragmentation of the MFT can impact performance. Therefore the only cure for bloat is to wipe the PC and do a fresh install of Windows from scratch. |
pctek (84) | ||
| 777570 | 2009-05-28 04:15:00 | Is there any utilities that will remove "free" MFT entries. | NZHawk (4093) | ||
| 777571 | 2009-05-28 04:16:00 | I wouldnt worry about MFT entries till you remove that worm / tick those entries | Speedy Gonzales (78) | ||
| 777572 | 2009-05-28 04:19:00 | could someone re-review this HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:09:38 p.m., on 28/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\MINDAlink\mlp_manager.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Brownie\brpjp04a.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\New user\Desktop\2 Cleaning Tools\Hijack This\HijackThis.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe" O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: FirebirdGuardianDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE O23 - Service: FirebirdServerDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6186 bytes Thank you |
NZHawk (4093) | ||
| 1 2 3 | |||||