TechSpot

Own Build Desktop slow on startup, slow to open programs

By olliemcallister
Apr 9, 2008
  1. Hi again (probably kritius!)

    After the great work on my laptop, my mum asked me if I (or, rather, TS) could take a look at her desktop PC that I built a couple of years ago for her.

    It's always really slow to start-up (although wasn't up until about twelve or so months ago) and some programs like Word and IE, and areas like the Control Panel and My Computer, can take longer than normally expected to open.

    I've run HJT - and attach as a file for you.

    Thanks for the help!
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Looking now.
     
  3. kritius

    kritius TS Guru Posts: 2,084

    Create an uninstall list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager button.
    • Click the Save list button.
    • Attach this log into your next reply

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bhmoubgg.exe
    O4 - HKLM\..\Run: [Microsoft Time Manager] dveldr.exe
    O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
    O4 - HKLM\..\RunServices: [Microsoft Time Manager] dveldr.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Delete Files and Folders
    • Right Click on the start button and chose explore
    • Show all hidden files and folders, see how HERE
    • Navigate to the following files and folders and delete them(if still present)
    C:\WINDOWS\System32\bhmoubgg.exe<---------This File
    • Empty the recycle bin.
    If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
    ***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

    Find and Delete Suspect File
    Using Start > Search > All Files and Folders
    Click Advanced Options and make sure the following are ticked Search system folders, Search hidden files and folders, Search subfolders
    Enter dveldr.exe and wuam.exe in the 'All or part of file name' box
    Select C: in the 'Look in' dropdown box
    Click Search Now
    Right-click on dveldr.exe and wuam.exe and select Delete
    Repeat for each copy of the file
    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

    ATF Cleaner

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

      Under Main choose:

      • Windows Temp
        Current User Temp
        All Users Temp
        Temporary Internet Files
        Java Cache

        *The other boxes are optional*
        Then click the Empty Selected button.
      if you use Firefox:

      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
      if you use Opera:

      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      Click Exit on the Main menu to close the program

    Download and Run ComboFix
    • Download this file to your desktop from either of the two below listed places :

      HERE or HERE
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply
    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  4. olliemcallister

    olliemcallister TS Rookie Topic Starter Posts: 23

    Okay - done!

    Couldn't find any of the three files when scanning for them, but I did the other steps.

    Attached is the Uninstall List, the log file requested, and a fresh HJT scan.
     
  5. kritius

    kritius TS Guru Posts: 2,084

    They look good, lets see what ekse may be in there, how is the computer running anyway?

    Download and Install SuperAntiSpyware Free
    • Launch SuperAntiSpyware
    • Click Check for Updates and update to the latest definitions.
    • Click Scan your Computer
      • Check all boxes in the Scan Location box.
      • Check the Complete Scan radio button.
      • Click Scanning Preferences/Control Centre button.
        • Uncheck Ignore files larger than 4MB (recommended)
        • Check Scan Alternate Data Streams.
        • Click Close.
      • Click Next
    • SuperAntiSpyware will now scan your computer for infection. (This could take in excess of an hour depending on the number of files scanned)
    • When finished it will present you with a summary of its findings.
    • Click OK.
    • The Removal Screen will open.
      • Check the items in the list to mark them for Quarantine.
      • Click Next and SAS will Quarantine them.
    Please send me the log.
    • Click the Preferences button.
      • Click the Statistics/Logs tab.
        • Logs are listed by date and time, click on the latest one to highlight it (at the top).
        • Click View log.
      • This will open a log page.
      • Attach the log in your next post please.
    CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

    I would like you to do an online scan so that we can what else may be in your system,
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)

      [​IMG]
    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)

      [​IMG]
    • Include the report in your next post.

    Then post a fresh HJT scan.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...