TechSpot

HijackThis log - slow startup on computer

By gubar
Oct 23, 2009
  1. Hi,

    Computer has been very slow on startup recently (gets to desktop quick enough, but takes some minutes to be workable there). I have recently tried to install Google Earth - without success - and then manually tried to remove Google Update. Also manually had to remove I iget. Neither has speeded my comp up though.

    I am running tyan k8we with 2 x opteron 280s, 4 gigs ram, 9800gtx+ and vista 64 business.

    Any advice appreciated - I have included a hijack this log here in the hope that it helps.

    Regards,

    Gubar


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:08, on 23/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
    C:\Users\Home\Downloads\Renamed.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)

    \Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2

    \SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0

    \Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
    O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA

    Precision\EVGAPrecisionWrapper.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search &

    Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

    (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

    (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

    (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe

    Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10

    \OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1

    \Office10\EXCEL.EXE/3000
    O9 - Extra button: Extract Flash Video with Bytescout... - {65F7EB5E-9A2D-4DE1-AC63-

    37E3133C04DB} - C:\Program Files (x86)\Bytescout SWF To Video Scout\flashextract_ie.html (file

    missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1

    \SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-

    A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

    http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe

    Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -

    C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program

    Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)

    \Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program

    Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program

    Files (x86)\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd -

    C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file

    missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner -

    C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)

    \Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common

    Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: HoudiniLicenseServer - Unknown owner - C:\Windows\system32\sesinetd.exe (file

    missing)
    O23 - Service: HoudiniServer - Unknown owner - C:\Windows\system32\hserver.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

    missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file

    missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero

    BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common

    Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32

    \nvvsvc.exe (file missing)
    O23 - Service: Pixar Alfred Server 13.5.2 - Unknown owner - C:\Program Files (x86)

    \Pixar\RenderManProServer-13.5.2\bin\alfserver.exe
    O23 - Service: Pixar License Server 5.0.2 - Unknown owner - C:\Program Files (x86)

    \Pixar\license-5.0.2\PixarLicenseServer.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -

    C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

    C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. -

    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner -

    C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -

    C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

    C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation -

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file

    missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

    C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -

    C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -

    C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -

    C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -

    C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -

    Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9149 bytes
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot Gubar. Unfortunately HijackThis doesn't work well with Vista 64-bit. I do see a malware problem.

    Please disable the Real Time Protection TeaTimer as it can interfere with the scans. Use the method that works best with your system.
    Spybot Search & Destroy TeaTimer
    There are two ways to disable TeaTimer

    1)
    • Launch Spybot Search & Destroy
    • In the Menu, Select Mode and choose Advanced Mode
    • Click Yes in the confirmation dialogue box
    • Click on Tools to expand the menu. Make sure that Resident is checked and then click Resident in the left pane.
    • In the right pane uncheck Resident "Tea timer" (Protection of over-all system settings) to disable it.
    • Uncheck the TeaTimer box and OK any prompts.
    • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    • Exit Spybot S&D when done.
    • (Once you are clean, you can re-enable TeaTimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

    2)
    • Right click the TeaTimer icon in the system tray
    • Then click Exit Spybot-S&D Resident
    • (Once you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe)

    Please download MGTools here: http://forums.majorgeeks.com/showthread.php?t=137630

    It is lengthy, but will give us the information we need. So instead of leaving a link, I would like you to follow the steps on the site.

    You will end up with a file named MGLogs.zip that I would like you to attach in the next reply.

    Have you run a scan with Spybot? What were the results? Are you having any more specific problem other than 'slow'?
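
An added example, not part of the original posts: HijackThis v2.0.2 is a 32-bit program, and on 64-bit Windows the file system redirector hands a 32-bit process the contents of SysWOW64 when it opens a path under System32, so files that exist only in the real System32 are reported as "(file missing)". The Python sketch below rejoins the hard-wrapped entries and separates those probable redirection artifacts from files missing elsewhere; the function names and the joining heuristic are assumptions of this example, and the sample is excerpted from the log above.

```python
import re

# Sample excerpted from the log above, in the hard-wrapped form it was pasted in.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA

Precision\EVGAPrecisionWrapper.exe" /s
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

C:\Windows\System32\spoolsv.exe (file missing)
O9 - Extra button: Extract Flash Video with Bytescout... - {65F7EB5E-9A2D-4DE1-AC63-

37E3133C04DB} - C:\Program Files (x86)\Bytescout SWF To Video Scout\flashextract_ie.html (file

missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

--
End of file - 9149 bytes
"""

ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
MISSING_PATH = re.compile(r"([A-Za-z]:\\.+) \(file missing\)$")
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

def rejoin(text):
    """Merge hard-wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":              # log trailer starts here
            break
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Heuristic: a wrap inside a path or GUID carries no space;
            # any other wrap replaced a space.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return entries

def triage_missing(entries):
    """Split '(file missing)' paths into System32 (redirection suspects) and the rest."""
    result = {"redirection_suspect": [], "missing_elsewhere": []}
    for entry in entries:
        m = MISSING_PATH.search(entry)
        if m:
            path = m.group(1)
            key = "redirection_suspect" if SYSTEM32.search(path) else "missing_elsewhere"
            result[key].append(path)
    return result
```

A path in the `redirection_suspect` list still needs to be confirmed with a 64-bit tool before the entry is treated as either harmless or orphaned.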
     
  4. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Hello,

    thanks for the replies. I have carried out the instructions in the previous post and attached the zip file here.

    In answer to your questions, I have run spybot search and destroy and it has found no problems, neither has Avira. Apart from the very slow startup my computer is in perfect working order. I use it regularly for 3D software, compositing and gaming and it is fine.

    Also, sorry about the full pasted text in my previous post.

    Thanks again,

    cheers

    Gubar
     


  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Gubar, that is one big piece of information! It's taking me a bit to get through. One thing I notice is that you have a large number of temp files. How about removing them?


    TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

    Then run an online AV scan:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    You can attach the Eset log if anything is found. In the meantime, I'll finish going through the zipped files.

    Thanks for your patience.
     
  6. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Thank you for taking the time to do this, will carry out the steps you advise and post back,

    cheers

    gubar
     
  7. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Hello,

    I have run the temp file cleaning tool, and ran the scan - the only detection by the scan was mgtools itself, which I presume was a false positive.

    Guess that malware is not the cause of my problem, at least I hope not (perhaps you will find something more in the scan results).

    thanks again,

    gubar
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    gubar, I notice that you have Vuze which is a P2P program:

    2009-10-17 14:47:24 C:\Program Files (x86)\Vuze>> Azureus, now called Vuze : Bittorrent Client

    P2P (person to person) programs are also called 'file sharing' programs. In earlier computer days, these programs did not have much threat. But as they progressed, so did the dangers of using them. For that reason, we do not permit discussion of this type of program, nor do we support it. The exception is to suggest you uninstall any P2P programs for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    It took a while but I think this might be the reason for the delay:

    It takes a long time to log on to a Windows Vista-based computer that has antivirus software installed, and you notice that the size of the Setupapi.app.log file is very large

    Please refer to THIS Microsoft site and get the Hotfix that is available.

    There are 66 processes running in the Task Manager. This is going to slow you down. Some are there because the program or app is on the Startup menu. Some are there because they were started by a Service. Some were started from the Registry. But no matter where they started from, they are going to have to load, then run in the background, then shut down. The more there are, the slower it goes.

    I see multiple games running, multiple languages loaded and many customizing processes running.

    Try using the msconfig utility to reduce the number of processes starting on boot:
    http://www.netsquirrel.com/msconfig/msconfig_vista.html

    Customize the Services using Black Viper's site:

    Look through Add/Remove Programs. If you see anything you don't need/use or want, uninstall it.
    If you have multiple versions of the same program or app, in general you only need the most current. An exception might be the NET installs
    • Visit this site often: Adobe Reader. Make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    See if you can significantly do anything to the above that affects the slowdown.
     
Topic Status:
Not open for further replies.
