Slow startup


  • This topic is locked
21 replies to this topic

#1 Veslemugg

Posted 21 January 2008 - 11:33 AM

Hi,
my problem is that when I enter Windows (XP Home Edition), my desktop is showing and Norman Virus Protection starts up, but after that, my PC seems to be starting other programs/applications (busy working) for about 3 minutes. Later it stays quiet and not busy.
I have had this problem for a long time now, and I have disabled many programs from the startup list, so I don't understand what might slow down the startup so much.
I doubt there's some kind of virus, and I also use Ad-Aware, SpyBot and CCleaner. Everything is fine with my computer except for the long startup.
Hope you can help me :rolleyes:

#2 SWI Support Robot

Posted 24 January 2008 - 05:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 TheJoker

Posted 09 February 2008 - 06:50 AM

Hi Veslemugg, and Welcome to SWI

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

You probably would have had a reply sooner, but you had not posted the minimum information that anyone would need to try to help you.

You should read the FAQ before proceeding. One of the things you would have seen there is that you need to post a HijackThis log.

Please do this.
Download 'Hijack This!':
http://www.trendsecu...p?page=download
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here.
Most of what it lists will be harmless or even essential; don't fix anything yet.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 Veslemugg

Posted 12 February 2008 - 11:53 AM

Ok, and thank you for the reply.
Here is the report for the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:05, on 12.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Launchy\Launchy.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187548692093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6809 bytes

#5 TheJoker

Posted 13 February 2008 - 05:31 AM

The delay is probably a combination of several things:
- Your antivirus looking for updates
- Your antivirus possibly doing a startup scan
- AVG Anti-Spyware looking for updates
- AVG Anti-Spyware doing a startup scan.
- Ad-Aware looking for updates.
- Ad-Aware doing a smart system scan at startup.

Those settings can be changed in the programs' individual configurations. If you have a delay due to a startup scan, that's actually the safe setting, and stopping that scan would be a less than optimum solution.

You do have some empty registry entries that can be "fixed" with HijackThis.

But first, I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Then, download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Please don't forget this step to disable TeaTimer.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
  • Click the "Download" button to the right.
  • In the window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe that you downloaded to install the newest version.
Please post a new HijackThis log.
Did checking the configurations on those programs improve startup or did you decide to leave them as is?



#6 Veslemugg

Posted 22 February 2008 - 05:18 AM

Hi.
Before pasting the second HijackThis log, I will point out that Ad-Aware is set to "don't do" a startup scan, and that I downloaded AVG after I read the whole FAQ. Therefore AVG can't be some of the reason, could it? I mean, maybe it makes the startup slower too, but do I really need AVG now when I have Norman (and have had it all the time)?
I left the Antivirus programs as they were. Also, I really appreciate your help on this! :thumbup:
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:18, on 22.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Launchy\Launchy.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187548692093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6479 bytes
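
Added example (not part of the original posts, and not HijackThis's own code): a small Python parser for the check done by hand between the two HijackThis logs above. It flags entries whose target file is absent, diffs the log taken before the fix against the one taken after, and reports which entries selected for fixing still appear. The sample lines are excerpted from the two logs in this thread; the function names are made up for this example.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (e.g. "O4") and the rest of the line.
Entry = namedtuple("Entry", ["code", "body"])

# Result lines look like "O23 - Service: ..."; the log header and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Markers seen in this thread's logs on entries whose target file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the log posted on 12.02.2008 (before the fix).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
"""

# Excerpt of the log posted on 22.02.2008 (after the fix and the Java update).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
"""

# The three entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


def parse_hjt(text):
    """Return the result entries of a HijackThis log, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries that reference a file that is not on disk."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def still_present(fix_list, after):
    """Entries that were selected for fixing but appear in the later log."""
    return [e for e in fix_list if e in after]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    removed, added = diff_logs(before, after)
    for label, group in (
        ("orphaned before", orphaned(before)),
        ("orphaned after", orphaned(after)),
        ("removed", removed),
        ("added", added),
        ("selected for fix, still present", still_present(parse_hjt(FIX_LIST), after)),
    ):
        print(label + ":")
        for e in group:
            print("   %s - %s" % (e.code, e.body))
```
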

#7 TheJoker

Posted 22 February 2008 - 08:33 PM

Therefore AVG can't be some of the reason, could it? I mean, maybe it makes the startup slower too, but do I really need AVG now when I have Norman (and have had it all the time)?

When you installed AVG Anti-Spyware, did it detect anything that your current virus scanner didn't? If it did, you may want to keep it. It might make startup a bit slower, depending on the speed of your system, but did you notice a change after you installed it?

Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Save the file to your Desktop.
Disconnect from the Internet (pull the connection cable) <-- Important
Close your antivirus program and any anti-spyware programs you have running.

Double click combofix.exe & follow the prompts.
Don't click on the ComboFix window while it's running; that could cause it to stall.
When finished, and after reboot, it should open a log, combofix.txt.
Post that log in your next reply along with a new HijackThis log.

After the system restarts, your antivirus should be running again.
If it isn't, restart it manually.
Reconnect to the Internet.



#8 Veslemugg

Posted 24 February 2008 - 06:30 AM

Yeah, the AVG traced down some malware, so I'm keeping it! I did not notice any difference in the system startup, though. It still typically takes three minutes from the Windows XP login until my PC stays quiet and shows the desktop. My system is quick, and it has never taken much time to start my PC. I have an AMD Athlon 64 3000+ processor and 512MB DDR RAM. Neither do I have a lot of programs installed.

Here are the two logs:

ComboFix 08-02-24.4 - Magnus Berg 2008-02-24 13:02:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.234 [GMT 1:00]
Running from: C:\Documents and Settings\Magnus Berg\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Magnus Berg\Programdata\addon.dat
C:\Documents and Settings\Magnus Berg\Programdata\SystemDoctor Free
C:\Documents and Settings\Magnus Berg\Programdata\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\Magnus Berg\ResErrors.log
C:\Programfiler\Fellesfiler\SystemDoctor
C:\WINDOWS\system32\dllcache\klog.dat

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-24 11:29 . 2008-02-24 12:58 <DIR> dr-h----- C:\Documents and Settings\Magnus Berg\Siste
2008-02-22 11:52 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-22 11:50 . 2008-02-22 11:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-02-12 18:02 . 2008-02-12 18:02 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-12 15:19 . 2008-02-12 15:19 <DIR> d-------- C:\Documents and Settings\Magnus Berg\Programdata\Grisoft
2008-02-12 15:19 . 2008-02-12 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-02-12 15:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 17:05 . 2008-02-10 17:05 <DIR> d-------- C:\Programfiler\Launchy
2008-02-10 17:05 . 2008-02-10 17:05 <DIR> d-------- C:\Documents and Settings\Magnus Berg\Programdata\Launchy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 10:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-02-22 10:52 --------- d-----w C:\Programfiler\Java
2008-02-21 22:21 --------- d-----w C:\Documents and Settings\Magnus Berg\Programdata\OpenOffice.org2
2008-02-10 16:09 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-02-09 16:49 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-01-30 14:59 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
2008-01-29 11:27 --------- d-----w C:\Documents and Settings\Magnus Berg\Programdata\dvdcss
2008-01-17 18:10 --------- d-----w C:\Programfiler\PCPitstop
2008-01-17 18:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\PCPitstop
2008-01-13 19:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-01-13 19:40 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 16:47 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-11 16:47 --------- d-----w C:\Programfiler\NewSoft
2008-01-11 16:47 --------- d-----w C:\Programfiler\EMUSB2.0
2008-01-11 16:47 --------- d-----w C:\Programfiler\eMPIA
2008-01-11 16:47 --------- d-----w C:\Documents and Settings\Magnus Berg\Programdata\InstallShield
2007-12-30 20:03 --------- d-----w C:\Documents and Settings\Magnus Berg\Programdata\Creative
2007-12-27 00:46 --------- d--h--w C:\Programfiler\Creative Installation Information
2007-12-27 00:45 --------- d-----w C:\Programfiler\Creative
2007-12-27 00:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative
2007-12-14 14:31 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-08 18:31 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-08 18:31 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-07 01:08 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-30 14:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2005-09-23 22:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-09-30 20:36 23 --sha-w C:\WINDOWS\system32\affbbfbfcbb_g.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MtdAcqu"="C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe" [2006-03-08 07:56 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"WinPatrol"="C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 17:06 292152]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 23:08 49152]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Launchy.lnk - C:\Programfiler\Launchy\Launchy.exe [2008-02-10 17:05:13 274432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\Magnus Berg\\Mine dokumenter\\Spill\\Age of Empires I\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Documents and Settings\\Magnus Berg\\Mine dokumenter\\Spill\\Unreal Tournament\\System\\UnrealTournament.exe"=
"C:\\Team17\\Worms2\\frontend.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58030:TCP"= 58030:TCP:Pando P2P TCP Listening Port
"58030:UDP"= 58030:UDP:Pando P2P UDP Listening Port

R0 Achernar;Achernar - SCSI Command Filter Drivers;C:\WINDOWS\system32\Drivers\Achernar.sys [2007-02-05 11:15]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 USB28xxBGA;USB 2821 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 20:20]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 20:19]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 13:05:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 13:06:17
ComboFix-quarantined-files.txt 2008-02-24 12:06:14
.
2008-02-13 14:40:29 --- E O F ---



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:20, on 24.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe
C:\Programfiler\Launchy\Launchy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~2\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187548692093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6484 bytes

#9 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 24 February 2008 - 08:05 AM

I don't see anything else left to remove.

The slow boot may be due to a file that was deleted still trying to load from the registry.
Let's see if we can find it.

Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the "Enable Boot Logging" option and press Enter.

After your system has finished booting, you will have a log at C:\Windows\ntbtlog.txt
Double-click on the log to open it with Notepad.
Take a look at the log.
Here's an example of what a successful loading will look like:

[00151C1F] Loading Device = C:\CDROM\OAKCDROM.SYS
[00151C5C] LoadSuccess = C:\CDROM\OAKCDROM.SYS

...and failure:

[00151E01] Dynamic load failed crlds3d.vxd : [00151E01] File not found
[00151E01] Dynamic load device crlds3d.vxd
[00151E01] Dynamic load failed crlds3d.vxd : [00151E01] File not found

In Notepad, with the log open, hit the F3 key (search), and enter failed.
Do you find anything that failed to load?
If you do, continue to search for all the failed items, and in your next reply copy/paste the lines for it/them where it tried to load (Loading) and then failed.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#10 Veslemugg

Veslemugg

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 28 February 2008 - 03:29 PM

Sorry for answering late. My Windows is in Norwegian, but I found some drivers that did not load.
I will paste them here, and they all mean "driver was not loaded". The rest of the lines said "driver loaded". There were no "dynamic load failed" or "file not found" like in your examples.
Thanks!

Driver ble ikke lastet inn \SystemRoot\System32\Drivers\NDProxy.SYS
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\lbrtfdc.SYS
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\Sfloppy.SYS
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\i2omgmt.SYS
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\Changer.SYS
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\Cdaudio.SYS
Driver ble ikke lastet inn \SystemRoot\system32\DRIVERS\kbdhid.sys
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\PCIDump.SYS
Driver ble ikke lastet inn \SystemRoot\System32\DRIVERS\rdbss.sys
Driver ble ikke lastet inn \SystemRoot\System32\DRIVERS\mrxsmb.sys
Driver ble ikke lastet inn \SystemRoot\System32\DRIVERS\ipnat.sys
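
The manual F3 search described above can be scripted. The following is an added example, not part of any post in this thread: it pulls failed or not-loaded entries out of a boot log and "(file missing)" entries out of a HijackThis log. The function names and the sample inputs are assumptions, constructed from lines quoted in the thread plus one English "Did not load driver" line.

```python
import re

# NT boot log wording: English, plus the Norwegian wording quoted in this thread.
NOT_LOADED = re.compile(
    r"^(?:Did not load driver|Driver ble ikke lastet inn)\s+(\S.*?)\s*$", re.I)
# Failure line in the style of the helper's example.
DYN_FAILED = re.compile(
    r"^\[[0-9A-Fa-f]{8}\]\s+Dynamic load failed\s+(\S+)\s*:\s*"
    r"\[[0-9A-Fa-f]{8}\]\s*(.+?)\s*$")
# HijackThis marks an entry whose target file no longer exists.
HJT_MISSING = re.compile(
    r"^(O\d+) - (.*) - ([A-Za-z]:\\.*?) \(file missing\)\s*$")


def boot_log_failures(text):
    """Return [(driver, reason, count)] in first-seen order, duplicates merged."""
    seen = {}
    for line in text.splitlines():
        line = line.strip()
        m = NOT_LOADED.match(line)
        if m:
            key = (m.group(1), "not loaded")
        else:
            m = DYN_FAILED.match(line)
            if not m:
                continue  # successful loads and unrelated lines are ignored
            key = (m.group(1), m.group(2))
        seen[key] = seen.get(key, 0) + 1
    return [(driver, reason, n) for (driver, reason), n in seen.items()]


def hijackthis_missing(text):
    """Return HijackThis entries that still point at a deleted file."""
    found = []
    for line in text.splitlines():
        m = HJT_MISSING.match(line.strip())
        if m:
            found.append({"section": m.group(1),
                          "entry": m.group(2),
                          "path": m.group(3)})
    return found


# Constructed sample input (lines taken from the posts above, plus one
# English-wording line added for illustration).
SAMPLE_BOOT_LOG = r"""
[00151C1F] Loading Device = C:\CDROM\OAKCDROM.SYS
[00151C5C] LoadSuccess = C:\CDROM\OAKCDROM.SYS
[00151E01] Dynamic load failed crlds3d.vxd : [00151E01] File not found
[00151E01] Dynamic load device crlds3d.vxd
[00151E01] Dynamic load failed crlds3d.vxd : [00151E01] File not found
Driver ble ikke lastet inn \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
"""

SAMPLE_HJT = r"""
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
"""

if __name__ == "__main__":
    for driver, reason, n in boot_log_failures(SAMPLE_BOOT_LOG):
        print(f"{driver}: {reason} (x{n})")
    for hit in hijackthis_missing(SAMPLE_HJT):
        print(f"{hit['section']} {hit['path']}: file missing")
```

A driver that was not loaded is not by itself a fault, since Windows also logs drivers for hardware that is not present; treat the output as a list to review rather than a list of errors.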

#11 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 29 February 2008 - 07:26 PM

Right-click on My Computer, select Properties, go to the Hardware tab, and click on Device Manager. In the Device Manager window, do you have any items with a yellow exclamation point? If you do, what are they?



#12 Veslemugg

Veslemugg

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 01 March 2008 - 11:29 AM

Yes, there is one. It's called 1394-network card #2.

#13 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 01 March 2008 - 12:05 PM

http://en.wikipedia.org/wiki/FireWire

FireWire is Apple Inc.'s brand name for the IEEE 1394 interface (although the 1394 standard also defines a backplane interface). It is also known as i.LINK (Sony's name) and DV (Panasonic's name, not to be confused with DV camcorder tapes).

Do you use a FireWire/IEEE 1394 interface for anything, such as an external video interface or drive of some sort?

I assume there is a 1394-network card #1?
You may have to click on the + to the left, but since you see it, and it has an exclamation point, that item may already be expanded.

If you don't use that interface for the second card, you have two options. You can either disable it, or you can manually attempt to change settings for it to not conflict with another device. If you double click on the device (or right-click and select Properties), it will probably say there is a problem with the device. If you click on the Resources tab, you may see options such as I/O Range, Memory Range, or IRQ that you can change if you use manual settings. If use automatic settings is not currently checked, check it, OK your way out, and restart your system, and go back and see if the yellow exclamation point has gone away.

If use automatic settings was already checked, you can uncheck it, and change the settings manually to find a configuration that does not conflict with another device, or that it can share with another device (some can share, others cannot).

If you have a manual for the interface card, you may find more information on changing settings there.

The other option, if you don't use that device, would be to disable it. To do that, you would double-click on the device in Device Manager, and at the bottom of the General tab, under Device usage, you can change the setting to Do not use this device (disable).

Whichever method you choose, restart your system, and go back into Device Manager. Do you still have the exclamation point?

I have AMD Athlon 64 3000+ processor and 512MB DDR RAM

As dave38 pointed out to me, that's probably the real reason for the slow startup. That's barely enough memory to run the operating system, and your system is probably frantically swapping memory out at startup. You need at least twice that much RAM as a minimum for the system to operate well with XP. I have 2 GB RAM with XP, and at times wish I had more. If I were ever to upgrade to Vista, I wouldn't do it with less than 4 GB on my system.
Did that help?



#14 Veslemugg

Veslemugg

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 03 March 2008 - 11:01 AM

I don't have a #1, and I find it strange that my PC would suddenly begin to use a lot of time on startups when I've had the same RAM memory all the time. Could it be that I have saved more data on my harddisk? I have about 30GB free, and the total disk space is 150GB. Not too long ago I ran a disc fragmentation. I have a camera, yes, which I haven't used in a while to transfer videos to my PC.
Now, I followed your second advice, because I could not find out how to do the first. Didn't understand it. So now there's a red x on the network card and no exclamation point.

#15 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 03 March 2008 - 09:10 PM

I don't have a #1, and I find it strange that my PC would suddenly begin to use a lot of time on startups when I've had the same RAM memory all the time. Could it be that I have saved more data on my harddisk? I have about 30GB free, and the total disk space is 150GB.

Earlier you said that you have had the problem for a "long time". I think the amount of RAM is the most likely culprit. You may have simply installed something that was more demanding on the system, and it made the problem more pronounced.

Now, I followed your second advice, because I could not find out how to do the first. Didn't understand it. So now there's a red x on the network card and no exclamation point.

That simply means that the device is disabled. If you ever do purchase a device that requires the IEEE 1394 port, you would need to turn it back on, and determine the cause of the problem and find a configuration that doesn't cause a conflict.

Go to start > run and copy and paste next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Create a Restore Point
  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close

Run Disk Cleanup
  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at http://www.spywarewa...uc/resource.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://forums.spywar...showtopic=60955

Does your problem appear resolved?



#17 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 23 March 2008 - 12:01 PM

Since the issue appears to be resolved this Topic is closed.
[Reopened]

Everyone else please begin a New Topic.



#18 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 29 May 2008 - 04:45 PM

Reopened at request of topic owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#19 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 29 May 2008 - 05:15 PM

Please post an updated HijackThis log and let me know what the continuing problem is.



#20 Veslemugg

Veslemugg

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 30 May 2008 - 01:42 PM

Hi again, Joker!
I have good news. It has taken a while, because I have been quite busy, and didn't have much time for computer problems.
So I just re-installed my Windows XP, and my PC is a lot faster, as good as new! I just think it needed a clean up, even though the slow startup was the only issue.
Thanks for helping me, anyway! :rolleyes:

#21 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 31 May 2008 - 05:01 AM

If you did a new install, there are a few settings to change.

Please check your ActiveX security settings (Start -> Settings -> Control Panel -> Internet Options, Security Tab -> Internet -> Custom Level) and reset as recommended:

ActiveX controls and plug-ins
* Download signed ActiveX controls (Prompt)
* Download unsigned ActiveX controls (Disable)
* Initialize and script ActiveX controls not marked as safe (Disable)
* Script ActiveX controls marked safe for scripting (Prompt)
* Launching programs and files in an IFRAME (Prompt)
* Navigate sub-frames across different domains (Prompt)

Remember to go to Windows Update and install all critical updates, and to install and update your antivirus program and firewall.

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at http://www.spywarewa...uc/resource.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://forums.spywar...showtopic=60955

Does your problem appear resolved?



#22 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 08 June 2008 - 07:46 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





