Hijack this log - slow startup on computer

Status
Not open for further replies.

gubar

Posts: 105   +0
Hi,

computer has been very slow on startup recentley (gets to desktop quick enough, but a take some minutes to be workable there). I have recentley tried to install google earth - without success - and then manually tried to remove google update. Also manually had to remove I iget. Neither has speeded my comp up though.

I am running tyan k8we with 2 x opteron 280s, 4 gigs ram, 9800gtx+ and vista 64 business.

Any advice appreciated - I have included a hijack this log here in the hope that it helps.

Regards,

Gubar


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:08, on 23/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Users\Home\Downloads\Renamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)

\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2

\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA

Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10

\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1

\Office10\EXCEL.EXE/3000
O9 - Extra button: Extract Flash Video with Bytescout... - {65F7EB5E-9A2D-4DE1-AC63-

37E3133C04DB} - C:\Program Files (x86)\Bytescout SWF To Video Scout\flashextract_ie.html (file

missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1

\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-

A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -

C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program

Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)

\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program

Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program

Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd -

C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file

missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner -

C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)

\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HoudiniLicenseServer - Unknown owner - C:\Windows\system32\sesinetd.exe (file

missing)
O23 - Service: HoudiniServer - Unknown owner - C:\Windows\system32\hserver.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file

missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common

Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32

\nvvsvc.exe (file missing)
O23 - Service: Pixar Alfred Server 13.5.2 - Unknown owner - C:\Program Files (x86)

\Pixar\RenderManProServer-13.5.2\bin\alfserver.exe
O23 - Service: Pixar License Server 5.0.2 - Unknown owner - C:\Program Files (x86)

\Pixar\license-5.0.2\PixarLicenseServer.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -

C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. -

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner -

C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -

C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation -

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -

C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -

C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -

C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -

C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -

Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9149 bytes
 
Welcome to TechSpot Gubar. Unfirtunately hijackThis doesn't work well with Vists 64bit. I do see a malware problem.

Please disable the Real Time Protection TeaTimer as it can interfer with the scans: Use the method that works best with your system.
Spybot Search & Destroy TeaTimer
There are two ways to disable TeaTimer

1)
  • Launch Spybot Search & Destroy
    icon_Spybot_-_Search_and_Destroy.png
  • In the Menu, Select Mode and choose Advanced Mode
  • Click Yes in the confirmation dialogue box
  • click on Tools to expand the menu. Make sure that Resident is checked and then click Resident in the left pane.
  • In the right pane uncheck Resident "Tea timer" (Protection of over-all system settings) to disable it.
  • Uncheck the TeaTimer box and OK any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (Once you are clean, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

2)
  • Right click the TeaTimer icon in the system Tray
    MHoTT005.gif
  • Then click Exit Spybot-S&D Resident
  • (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

Please download MGTools here: http://forums.majorgeeks.com/showthread.php?t=137630

It is lengthy, but will give us the information we need. So instead of leaving a link, I would like you to follow the steps on the site.

You will end up with a file named MGLogs.zip that I would like you to attach in the next reply.

Have you run a scan with Spybot? What were the results? Are you having any more specific problem other than 'slow'?
 
Hello,

thanks for the replies. I have carried out the instructions in the previous post and attached the zip file here.

In answer to your questions, I have run spybot search and destroy and it has found no problems, neither has Avira. Apart from the very slow startup my computer is in perfect working order. I use it regularly for 3D software, compositing and gaming and it is fine.

Also, sorry about the full pasted text in my previous post.

Thanks again,

cheers

Gubar
 

Attachments

  • MGlogs.zip
    185 KB · Views: 7
Gubar, that is one big piece of information! It's taking me a bit to get through. One thing I notice is that you have a large number of temp files. How about removing them?


TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Then run an online AV scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

You can attach the Eset log if anything if found. In the meantime, I'll finish going through the zipped files.

Thanks for your patience.
 
Thank you for taking the time to do this, will carry out the steps you advise and post back,

cheers

gubar
 
Hello,

I have ran the temp file cleaning tool, and ran the scan - the only detection by the scan was mgtools itself, which I presume was a false positive.

Guess that malware is not the cause of my problem, at least I hope not (perhaps you will find something more in the scan resluts).

thanks again,

gubar
 
gubar, I notice that you have Vuze which is a P2P program:

2009-10-17 14:47:24 C:\Program Files (x86)\Vuze>> Azureus, now called Vuze : Bittorrent Client

P2P (person to person) programs are also called 'file sharing' programs.In earlier computer days, these programs did not have much threat. But as they progressed, so did the dangers of using them. For that reason, we do not permit discussion of this type of program, not do we support it. The exception is to suggest you uninstall and P2P programs for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

It took a while but I think this might be the reason for the delay:

It takes a long time to log on to a Windows Vista-based computer that has antivirus software installed, and you notice that the size of the Setupapi.app.log file is very large

Please refer to THIS Microsoft site and get the Hotfix that is available.

There are 66 processes running in the Task Manager. This is going to slow you down. Some are there because the program or app is on the Startup men. Some are there because they were started by a Service. Some were started from the Registry. But no matter where they started from, they are going to have to load, then run in the background, then shut down. The more there are, the slower it goes.

I see multiple games running, multiple languages loaded and many customizing processes running.

Try using the msconfig utility to reduce the number of processes starting on boot:
http://www.netsquirrel.com/msconfig/msconfig_vista.html

Customize the Services using Black Viper's site:

Look through Add/Remove Programs. If you see anything you don't need/use or want, uninstall it.
If you have multiple versions of the same program or app, in general you only need the most current. An exception might be the NET installs
  • Visit this site[Adobe Readeroften and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

See if you can significantly do anything to the above that affects the slowdown.
 
Status
Not open for further replies.
Back