PDA

View Full Version : Boot time -40 minutes!???!



Deadshot
04-15-2004, 03:46 PM
Hi folks,

I have an Windows XP Corporate edition desktop that is now taking 35-40 minutes to boot up. I have used Diskkeeper to do a boottime defrag before and this helps for a few weeks but then this problem returns. Does anybody have any ideas on why this is happening and if so what I can do to fix this?

Thanks,

Deadshot

PrntRhd
04-15-2004, 07:30 PM
I would do full scans for AV,
Then Spybot/Adaware,
then HJT and post a log here.
I assume all Windows updates are done and drive is not full?

Deadshot
04-15-2004, 10:25 PM
I have done spybot/adaware scans and eliminated everything I could find wrong there.
I did all the windows updates except sp1. It keeps telling me that the kernel is not a windows file (?).
I will post a HJT log as soon as the av scan is done.

Thanks,

Deadshot

Deadshot
04-15-2004, 10:32 PM
Here is the HJT log:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avast4\aswUpdSv.exe
E:\Program Files\Avast4\ashServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
L:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\Fast.exe
E:\program files\Symantec\WinfaxPro\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ssmypics.scr
C:\WINDOWS\System32\fast.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
E:\PROGRA~1\Avast4\ashDisp.exe
E:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Avast4\ashSimpl.exe
M:\Downloading Files DC\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 1.EXE /P32 "EPSON Stylus C42 Series (Copy 1)" /O6 "USB002" /M "Stylus C42"
O4 - HKLM\..\Run: [fsnopzic] C:\WINDOWS\System32\zxzvmyxy.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [piiserviceOE] "E:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\Quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37459.5323842593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Hopefully, this stuff means more to you than it does to me. :)

Thanks,

Deadshot

PrntRhd
04-15-2004, 10:44 PM
Nice try anyway,
Please extract HJT to a folder in somewhere like My Documents or other safe place and run it from there, this log is not telling us all we need to know yet. Please do not fix anything until experts here review the log and let you know what to delete.
:)

Here is a sample of what it should look like: my xp (http://www.pcguide.com/vb/showthread.php?s=&threadid=29113)

Deadshot
04-15-2004, 10:53 PM
I ran HJT from my documents and it produced an identical log as the one I previously posted. Is there something I need to set differently?


Deadshot

Deadshot
04-15-2004, 11:12 PM
I ran HJT from my documents and it produced an identical log as the one I previously posted. Is there something I need to set differently?


Deadshot

PrntRhd
04-15-2004, 11:25 PM
One of the forums' HJT experts will see this post and will post what needs doing differently. A few hours perhaps.

Deadshot
04-15-2004, 11:25 PM
Sorry about the double post. Not sure how that happened.

I was checking My Computer and I noticed that my computer is showing that I have 640MB of RAM. I understood that this computer could only have 512MB. Could this have any effect on the system?


Deadshot

Fruss Tray Ted
04-15-2004, 11:27 PM
Your post was only lacking the first 2 lines of the report. No big deal.

You don't have SP-1 for IE6 installed. Get it pronto. Redownload it if possible. Reboot if need be to get it to download. Purging TIF files, History and cookies may help.

Did Spybot and AdAware find anything? Did you run A/V scans?

I didn't see anything obviously bad about the report but I'm no expert on them. Wait for another member for reassurance.

Have you tried Black Viper's site for tweaking XP?

Deadshot
04-15-2004, 11:32 PM
SP-1 for IE6? That is weird. I ran the windows update on the computer earlier this evening (which took forever!) and I did all the updates except Windows Service Pack 1 which kept giving me the error that the kernel wasn't a windows file. All other updates were done.
Spybot and Adaware didn't find anything other than a few cookies that I am familiar with.

I cleaned out all the temp files, and most of my cookies (all the ones I didn't recognize). When I ran diskkeeper it says that I only have 8% space on my c drive (its a 9GB partition). Also, I have noticed that RAM amount I mentioned earlier.

I am in the process of a thorough a/v scan of the system with the most uptodate virus definitions. Will post the results as soon as it completes but it has found nothing thus far.


Deadshot

PrntRhd
04-15-2004, 11:37 PM
When I ran diskkeeper it says that I only have 8% space on my c drive (its a 9GB partition).
Might be the problem if you have System Restore points filling the hard drive?

Figure you may have been copying and pasting from the application instead of a saved log in Notepad for the logs you posted.

Abbadon
04-16-2004, 03:23 AM
Originally posted by Deadshot
[B]...except Windows Service Pack 1 which kept giving me the error that the kernel wasn't a windows file...]

I've run into this one a few times as well. In all cases it was because the installation of Xp was done from a cracked version that had the activation feature removed. You'd be able to get all the updates, except the service packs.

There migth of course be yet another cause for this to happen.

david eaton
04-16-2004, 03:45 PM
From your log, I see that you have Messenger2 installed. This brings along it's little friends!

Fix these entries in your Hijack this log. Ensure that all other windows are closed before fixing.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O4 - HKLM\..\Run: [fsnopzic] C:\WINDOWS\System32\zxzvmyxy.exe

Reboot, and delete the file C:\WINDOWS\System32\zxzvmyxy.exe.

Deadshot
04-16-2004, 11:15 PM
Okay, I did a thorough virus scan, deleted two viruses it found.
Opened up the case and reseeded my ram. I deleted the files from the HJT file. Did another scan with spybot and adware (both clean). I went to blackviper and set the desktop to safe mode services he suggested.

My boot time is now 37 secs!


Thanks to everyone who helped me out. Much appreciated!


Deadshot