AntiVir and SuperAntiSpyware


5 replies to this topic

#1 JDM2

Posted 29 December 2007 - 09:06 AM

Hi Quietman,

New to the forums and am amazed by both your vast knowledge and willingness to help others here.

A friend of mine has a PC running XP Home SP2 that takes forever to boot up. I do not believe the problem is hardware-related.

She has AntiVir and SuperAntiSpyware and neither picks up any problems.

I also ran SDFix and it found no problems.

Is there any way you would be so kind as to do a quick look-thru of her ComboFix log below, to see if it can be determined why when she boots up she sees her desktop immediately, but it takes 10-15 minutes for her desktop and quick-launch icons to appear?

I don't have a Deckard scan, but can probably get one, if required.

BTW, from the Combofix log below, I used OTMoveIt to fix C:\WINDOWS\imsins.BAK (as I believe it's a rogue entry). Other than that, I didn't see any problems.

Thanks so much if you can assist!!!

ComboFix 07-12-21.4 - Owner 2007-12-26 17:05:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-25 20:30 . 2007-12-25 20:30 <DIR> d-------- C:\Program Files\Avira
2007-12-25 20:30 . 2007-12-25 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-11 22:20 . 2007-12-11 22:22 1,393 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 02:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 00:36 --------- d-----w C:\Program Files\iTunes
2007-11-10 00:35 --------- d-----w C:\Program Files\iPod
2007-11-10 00:31 --------- d-----w C:\Program Files\QuickTime
2007-11-09 03:31 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-09 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-09 00:49 --------- d-----w C:\Program Files\Trojan Remover
2007-11-09 00:02 --------- d-----w C:\Program Files\CCleaner
2007-11-08 23:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Simply Super Software
2007-11-08 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-08 23:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-27 16:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-25 20:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoRecentDocsMenu"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

R2 spydetector;spydetector;C:\Program Files\Spyware Process Detector\spydetector.sys [2007-06-15 15:04]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 01:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 17:10:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 17:11:13
.
2007-12-12 03:24:28 --- E O F ---



#2 quietman7


Posted 29 December 2007 - 09:13 AM

A friend of mine has a PC running XP Home SP2 that takes forever to boot up

If the system is slow, your friend may have too many applications loading at startup when Windows boots. Some of these programs are not needed and disabling them can save resources and improve performance as they are available elsewhere - Start > Programs or an icon on the desktop. For more information about this and other possible reasons for poor performance, read Slow Computer/Browser? Check here first; it may not be malware.

If you are unsure what any of the program entries are or if they are safe to disable, then do a search on Google or use the Startup Programs Database.

You should not be using Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, I don't see anything of concern.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 JDM2


Posted 29 December 2007 - 09:17 AM

Thanks very much for your reply, Quietman.

Actually, she only has four things running at start-up (and they're all legitimate items: AntiVir, SuperAntiSpyware, CCleaner and Java Update). Sorry - should have mentioned that in previous post.

I went into msconfig and unchecked a lot of garbage that was ticked and assigned to run at boot-up, so I'm positive too many apps running at start-up wouldn't be the issue.

I also defragged her PC using the latest version of PerfectDisk and did a sfc /scannow and everything looked okay.

I will check out the links you provided.

Thanks again.

JDM

Edited by JDM2, 29 December 2007 - 09:21 AM.


#4 quietman7


Posted 29 December 2007 - 09:37 AM

MSConfig is a troubleshooting utility used to diagnose and fix system configuration issues. Although it works as a basic startup manager, msconfig should not be used routinely to disable auto-start programs. Further, msconfig does not list all applications loaded in all possible startup locations (some entry points are hidden and unknown to the user) and does not allow the complete removal of disabled entries from its list. You should not use msconfig to disable startup applications related to a running service. Doing so alters the registry and there are services that are essential for hardware and booting your system. When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer. You should only disable services using Control Panel > Administrative Tools > Services.

A better alternative is to use a startup manager such as:
Startup Control Panel
Autoruns
Starter by CodeStuff
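The point in post #4 that msconfig does not cover every startup location can be checked against the ComboFix log in post #1. The following is an added example, not part of the original thread: it parses a few lines copied from that log's "Reg Loading Points" section and separates the entries msconfig's Startup tab lists from those it does not. The `Entry` tuple, the `LOAD_POINTS` table and the function names are assumptions made for this illustration, and only the four key types in the table are handled.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "label in_msconfig image key")
# (registry key fragment, label, listed on msconfig's Startup tab?)
LOAD_POINTS = [
    (r"\currentversion\run", "Run key", True),
    (r"\msconfig\startupreg", "msconfig-disabled Run entry", True),
    (r"\explorer\shellexecutehooks", "ShellExecuteHook", False),
    (r"\winlogon\notify", "Winlogon Notify DLL", False),
]
IMAGE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:exe|dll|sys|com)\b", re.I)

# Constructed sample: lines copied from the ComboFix log in post #1.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-25 20:34]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
'''

def parse_load_points(text):
    """Return one Entry per value found under a recognised load-point key."""
    entries, key, rule = [], None, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:  # a new registry key starts; look up which load point it is
            key = header.group(1)
            rule = next((r for r in LOAD_POINTS if r[0] in key.lower()), None)
            continue
        found = IMAGE.search(line)  # first file path on the value line
        if rule and found:
            entries.append(Entry(rule[1], rule[2], found.group(0), key))
    return entries

def outside_msconfig(entries):
    """Entries that load at logon but never appear on msconfig's Startup tab."""
    return [e for e in entries if not e.in_msconfig]

if __name__ == "__main__":
    for e in parse_load_points(SAMPLE):
        print(f"{e.label:28} {'msconfig' if e.in_msconfig else 'NOT in msconfig':16} {e.image}")
```

On this sample the two SUPERAntiSpyware DLLs are the entries msconfig would not show, and the `startupreg` key is where an item unchecked in msconfig remains recorded.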

#5 JDM2


Posted 01 January 2008 - 06:48 PM

Quietman,

My HiJackThis log has a:

020: Appinit_DLLs

entry

Can I put a checkmark in the box and fix it?

I never saw it there before and it looks out of place.

Please advise if you are able to help.

Many thanks,

JDM

#6 quietman7


Posted 01 January 2008 - 08:05 PM

Yes, fix that entry and let me know if you're having any more problems.



