Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Starting Computer


  • Please log in to reply
4 replies to this topic

#1 jujosa

jujosa

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 17 January 2006 - 11:19 AM

Hi friends!
Could somebody take a look to this HijackThis logfile?. I am afraid that there are too many files loaded into the PC at start-up taking to long to boot. I am using Windows 98 SE

I run the antivirus AVG, Spybot and Ad-aware before this logfile, so I assume that the PC is clean of viruses and malware now.

Here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16:32:53, on 17/01/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN95\SYSTEM\KERNEL32.DLL
C:\WIN95\SYSTEM\MSGSRV32.EXE
C:\WIN95\SYSTEM\MPREXE.EXE
C:\WIN95\SYSTEM\mmtask.tsk
C:\WIN95\SYSTEM\MSTASK.EXE
C:\WIN95\SYSTEM\ZONELABS\VSMON.EXE
C:\WIN95\SYSTEM\KB891711\KB891711.EXE
C:\WIN95\EXPLORER.EXE
C:\WIN95\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WIN95\TASKMON.EXE
C:\WIN95\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGEMC.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\ARCHIVOS DE PROGRAMA\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\ARCHIVOS DE PROGRAMA\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WIN95\SYSTEM\WMIEXE.EXE
C:\WIN95\SYSTEM\DDHELP.EXE
C:\WIN95\SYSTEM\SPOOL32.EXE
C:\WIN95\SYSTEM\HPZSTATX.EXE
C:\WIN95\SYSTEM\WUCRTUPD.EXE
D:\ARCHIVOS DE PROGRAMACIóN\PC UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/intl/es/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 216.239.37.101 www.kazaagold.com
O1 - Hosts: 216.239.37.101 www.k-lite.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~2\PCUTIL~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN95\SYSTEM\MSDXM.OCX
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\ARCHIVOS DE PROGRAMA\ADWAREFILTERTOOLBAR\ADWAREFILTER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN95\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [StillImageMonitor] C:\WIN95\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Archivos de programa\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Archivos de programa\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN95\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN95\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WIN95\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WIN95\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Inicio de Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA.EXE
O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://chat.mns.es
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender-es.com/scan8/oscan8.cab

Thanks for any help
Jujosa

BC AdBot (Login to Remove)

 


m

#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:41 PM

Posted 17 January 2006 - 11:28 AM

Before submitting a HJT file, I suggest you post the startup applications listed by Spybot (click on "Mode" and then select "Advanced" to bring up the tools section of spybot. Click on "System Startup" and then click on "Export" to get a text file. Clean up this text file by deleting any "disabled" items, then post it here.
Regards,
John

Edited by jgweed, 17 January 2006 - 11:29 AM.

Whereof one cannot speak, thereof one should be silent.

#3 jujosa

jujosa
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 18 January 2006 - 01:40 PM

Hi John!

Thank you for answering my request for help.
I run Spybot as you proposed and here is the startup list provided by Spybot.

Please let me know if you need any additional information.
Thanks
Jujosa

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2006-01-13 Includes\Dialer.sbi
2006-01-13 Includes\Hijackers.sbi
2006-01-13 Includes\Keyloggers.sbi
2006-01-13 Includes\Malware.sbi
2006-01-13 Includes\Revision.sbi
2006-01-13 Includes\Security.sbi
2006-01-13 Includes\Spybots.sbi
2006-01-13 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2006-01-13 Includes\PUPS.sbi

Located: HK_LM:Run, AVG7_AMSVR
command: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
file: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
size: 336896
MD5: 9bf46d959f713d64c8ff3de2b2437863

Located: HK_LM:Run, AVG7_CC
command: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
file: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE
size: 356352
MD5: 6492815fc67068a11420740637946b0e

Located: HK_LM:Run, AVG7_EMC
command: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
file: C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
size: 280576
MD5: e431814c506fd4fd1df82d56f178b4a5

Located: HK_LM:Run, CriticalUpdate
command: C:\WIN95\SYSTEM\wucrtupd.exe -startup
file: C:\WIN95\SYSTEM\wucrtupd.exe
size: 135168
MD5: 15c399e50a6f359c043a3d640c425a88

Located: HK_LM:Run, EM_EXEC
command: c:\logitech\mouse\system\em_exec.exe
file: c:\logitech\mouse\system\em_exec.exe
size: 29184
MD5: 0f89d5e7803da52d1598d568cd2979ef

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Archivos de programa\Iomega\DriveIcons\ImgIcon.exe
file: C:\Archivos de programa\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: dfdfd202f0c0a29088e043bbcd71002d

Located: HK_LM:Run, Iomega Startup Options
command: C:\Archivos de programa\Iomega\Common\ImgStart.exe
file: C:\Archivos de programa\Iomega\Common\ImgStart.exe
size: 45056
MD5: 1808f91fa578e8572bd1a9649fabb518

Located: HK_LM:Run, LoadPowerProfile
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WIN95\Rundll32.exe
size: 24576
MD5: ef3897e3c533f016c3a446eae0f6cd84

Located: HK_LM:Run, RFX_auto_upgrade
command:
file:

Located: HK_LM:Run, ScanRegistry
command: C:\WIN95\scanregw.exe /autorun
file: C:\WIN95\scanregw.exe
size: 90112
MD5: d6e3cae0d92870b972377f7f29265ed7

Located: HK_LM:Run, StillImageMonitor
command: C:\WIN95\SYSTEM\STIMON.EXE
file: C:\WIN95\SYSTEM\STIMON.EXE
size: 114688
MD5: cbe1e2b72cbecc1f9d4e155d5433c26e

Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WIN95\SYSTEM\SysTray.Exe
size: 32768
MD5: 4cb42a47f52030808f8e96d780c3d261

Located: HK_LM:Run, TaskMonitor
command: C:\WIN95\taskmon.exe
file: C:\WIN95\taskmon.exe
size: 28672
MD5: 36e6645e0f8cdf6c92308d6268e0ba33

Located: HK_LM:Run, TCASUTIEXE
command: TCAUDIAG.exe -off
file: C:\WIN95\SYSTEM\TCAUDIAG.exe
size: 1325056
MD5: 829598472a7e6cfef80fd4dccb790d23

Located: HK_LM:Run, Zone Labs Client
command: C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
file: C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
size: 755472
MD5: e85c5dc2659f562c496e839649aa7200

Located: HK_LM:RunServices, KB891711
command: C:\WIN95\SYSTEM\KB891711\KB891711.EXE
file: C:\WIN95\SYSTEM\KB891711\KB891711.EXE
size: 9088
MD5: cbd841775a04e82b2828fc301aafee70

Located: HK_LM:RunServices, LoadPowerProfile
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WIN95\Rundll32.exe
size: 24576
MD5: ef3897e3c533f016c3a446eae0f6cd84

Located: HK_LM:RunServices, SchedulingAgent
command: mstask.exe
file: C:\WIN95\SYSTEM\mstask.exe
size: 113424
MD5: 450f388f2bed1a6bad36f4ecd8b0871c

Located: HK_LM:RunServices, TrueVector
command: C:\WIN95\SYSTEM\ZONELABS\VSMON.EXE -service
file: C:\WIN95\SYSTEM\ZONELABS\VSMON.EXE
size: 1693448
MD5: 7e9c8f0bf97910e04a078799837bb6f2

Located: Inicio (usuario), Inicio de Office.lnk
command: C:\Archivos de programa\Microsoft Office\Office\OSA.EXE
file: C:\Archivos de programa\Microsoft Office\Office\OSA.EXE
size: 61440
MD5: 80485faea49c76cb105ac23c0ea76e21

#4 jujosa

jujosa
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2006 - 10:49 AM

Hi John,
Since I did not get any further answer from you I would appreciate you looking at the HijackThis and Spybot logs. Please tell me if there is any reason for the slow running/boot of my PC.

Thanks for your help
Jujosa :thumbsup:

#5 jujosa

jujosa
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 25 January 2006 - 01:48 PM

Can some expert take a look at this HijackThis log?. John started helping me in order to solve problem I have with my slow running comp, but since one week I don´t have had any further notice from him.
Thanks
Jujosa




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users