Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Boot Up - Fast to Slower to Very Slow

Started by Cap , Oct 08 2004 10:55 AM

  • Please log in to reply

#1
Cap
Posted 08 October 2004 - 10:55 AM

Cap

    Member

  • Member
  • PipPip
  • 32 posts
Having just stumbled on to this site, it is obvious there are still caring & giving folks, of their talent and time. Thank you.

After years loving Win98SE, I have embarked on Win-XP-Pro SP1 (fresh install on a new system). Ever since installing Norton SW-PRO 2004 ( and 20 or 30 more installs, un-installs, and reinstalls of every program and utility imaginable ), boot up has slowed and slowed and slowed. The black screen time between BIOS load and WELCOME is now 40 seconds. Once the desktop loads, there's another 20-30 seconds of delay before Norton Password Manager activates and the red "X" on the Norton A/V tool bar finally goes away.

In reading several threads, the expertise levels here are phenomenal. And I did the Hijack code read.

Here it is. Anything weird? Wrong? Off-color?

Logfile of HijackThis v1.98.2
Scan saved at 11:28:26 AM, on 10/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RCA 2825\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Norton\Password Manager\AcctMgr.exe
C:\PROGRA~1\Keyboard\RMTSTOCK.EXE
C:\Program Files\Acrobat Pro 6\Distillr\acrotray.exe
C:\PROGRA~1\Keyboard\MIXERCTL.EXE
C:\PROGRA~1\Keyboard\KBRmt32.Exe
C:\PROGRA~1\Keyboard\KBOSDCTL.EXE
C:\PROGRA~1\Keyboard\CDMng32.EXE
C:\Program Files\Clie\hotsync.exe
C:\Program Files\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Keyboard\RmtConvt.EXE
C:\Program Files\Quicken\QWDLLS.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Keyboard\BKGRD32.EXE
C:\PROGRA~1\Keyboard\CDMng32.EXE
C:\PROGRA~1\Keyboard\WheelMng.EXE
C:\PROGRA~1\Keyboard\MxrCtl32.EXE
C:\PROGRA~1\Keyboard\RMTSPECL.EXE
C:\PROGRA~1\Keyboard\CALCMNG.EXE
C:\PROGRA~1\Keyboard\RECMNG.EXE
C:\PROGRA~1\Keyboard\DKeyBEx.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Norton\NORTON~3\GHOSTS~2.EXE
C:\Norton\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norton\Norton Antivirus\SAVScan.exe
C:\Norton\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Download\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/w...me=STRK:ME:LNLK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat Pro 6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat Pro 6\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat Pro 6\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\RCA 2825\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Norton\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [MultimediaKey] C:\PROGRA~1\Keyboard\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat Pro 6\Distillr\acrotray.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Billminder.lnk = C:\Program Files\Quicken\BILLMIND.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Clie\hotsync.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat Pro 6\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\BILLMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Clie\hotsync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096468537250
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?323
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 11 October 2004 - 05:18 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)


Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\nsdb

Reboot normally.

It looks like you can save alot of memory usage by disabling the startup features in Microsoft Office and Quicken. The more things you have starting up with windows the longer it will take to boot. Go through all your programs and disable the startup features (usually in Tools, Options in the program) to applications you do not need to be taking memory at system startup. You can also look to see what is in your startup folder by clicking Start, All Programs, Startup. Also make sure to defragment your hard drive every so often, especially after installing large programs, or uninstalling them. Click "My Computer" right click your hard disk, click properties, click the tools tab and click defragment now. Keep your temp files cleared out also. Same way as defragmenting, but instead of clicking the tools tab, make sure you're on the general tab and click "Disk Cleanup".

-=jonnyrotten=-
<_<
  • 0

#3
Cap
Posted 11 October 2004 - 07:42 PM

Cap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thanks for your help. Ironically, removing the (file missing) files caused the IeSpell program the disapper. I reinstalled IeSpell, it's working perfectly, but those "missing files" reappear also in HiJack.

Perhaps the link to the .dll it cannot find only activates when "help" is requested. Nonetheless, my machine is answering the call to duty faster, operating more effectively, and again Thank You!
  • 0

#4
mcleanmarg
Posted 17 November 2004 - 03:56 PM

mcleanmarg

    New Member

  • Member
  • Pip
  • 1 posts
I suspect Norton. Check the application log and see how long it took for ccEvtmgr to load.
  • 0

#5
Cap
Posted 17 November 2004 - 04:10 PM

Cap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thank you for responding to this thread. I should've asked to have it closed.

The problem was the supposed expedited search feature which I disabled (see the locked threads for XP tweaks). Everything is running twice as fast, if not more.

Thank you again.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP