Something taking a long time to load after boot!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by beatsbymarkus, Oct 29, 2004.

  1. beatsbymarkus

    beatsbymarkus Private E-2

    Hello,

    I was wondering if one of u experts can help me with my Hijackthis log file. When I reboot my computer, it takes about 2 minutes for me to connect to the internet after it "seems" like the reboot was complete. Also, about once a day, I'll be working and my whole computer will just freeze and I can't do anything but a hard reboot.

    I've recently updated to XP Sp2 and also updated to DirectX 9. Don't know if my problems are related to these updates but I also get a computer freeze a day with my digital audio workstation program Sonar. I was told not to paste or attach my Hijackthis log until I was asked....so.....can I?

    Thanks much in advance,

    Markus
     
  2. jarcher

    jarcher I can't handle a title

  3. beatsbymarkus

    beatsbymarkus Private E-2

    Thanks for the reply. Yea, I read some of the pre-posts (that's where I got "someone told me") and I'm going through your links now.

    Thanks again,

    Markus
     
  4. jarcher

    jarcher I can't handle a title

    no problem
    Let us know how it goes. . . .
     
  5. beatsbymarkus

    beatsbymarkus Private E-2

    Okay, I just finished following the steps from these links:

    http://forums.majorgeeks.com/showthread.php?t=35407
    http://forums.majorgeeks.com/showthread.php?t=38752

    (Thanks again Archer)

    and I still have the same problems. Would it be okay to attach my HijackThis log now? It's very small since I already did fix many items but I want to make sure I didn't miss something. Especially the processes that I have running - I don't know if any are memory hogs or harmful. Can someone help me? I'll wait for a request to attach my HijackThis log file.

    Thanks,

    Markus
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, attach your log! But how are things working now?
     
  7. beatsbymarkus

    beatsbymarkus Private E-2

    Thanks ChasLang, I have attached my HijackThis log file. To answer your question, after running all the steps, I'm still having the same problems described in my first thread.

    Thanks again,

    Markus
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You either forgot to attach your log or you did not change it to a .txt file before trying to upload it and you got an error message you missed. Try it again.
     
  9. beatsbymarkus

    beatsbymarkus Private E-2

    okay, the attachment didn't work. Maybe I don't know what I'm doing. I'll try again...
     

    Attached Files:

  10. jarcher

    jarcher I can't handle a title

    go to Add/Remove Programs (make sure your system restore is disabled)
    and remove P2P networking
    Run HJT again
    check these boxes
    if you don't know this check it too. .
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/


    close Internet Explorer
    and click fix
     
  11. beatsbymarkus

    beatsbymarkus Private E-2

    Thanks Jarcher. The P2P networking is needed for my eDonkey program, I believe. eDonkey, if u don't know, is a peer to peer program like Kazaa. But I think I need it (P2P) for eDonkey. Do u know if that's true?

    Thanks,

    Markus
     
  12. jarcher

    jarcher I can't handle a title

    I don't know if that is true
    I do not believe it to be so
    you can wait for chaslang
    if you like. . .sorry I cannot answer that
     
  13. beatsbymarkus

    beatsbymarkus Private E-2

    Okay, i might experiment by unchecking it (P2P Networking) in my startup and trying to see if eDonkey works.

    Thanks man,

    Markus
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not positive about that either. As far as I know, P2P Networking is bundled with Kazaa. Did you have Kazaa on this PC at one time? It could just be left over from that.


    By the way, do you know what this is for: C:\Program Files\Aardvark\aardvark.exe

    Next time you scan or fix items with HJT, you MUST remember what we said in the HJT tutorial, shutdown browsers. You had 3 IE sessions running.
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe


    The below line should be fixed using HJT.
    O20 - AppInit_DLLs: C:\WINDOWS\System32\
     
  15. jarcher

    jarcher I can't handle a title

  16. beatsbymarkus

    beatsbymarkus Private E-2

    Okay, eDonkey worked without P2P so ur probably right Chaslang. Unfortunately I checked and fixed all the items that u guys told me to and I still have to wait about 2 minutes to get internet connection after a reboot. Anything else I can try?

    Also, aardvark.exe is a process that my computer interface uses for digital audio recording - it's legit.

    I did try to run HijackThis again after I closed all my browser windows - sorry about that.

    I really appreciate the help,

    Markus
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you filtering anything out of your HJT log using HJT's Ignorelist?
    Also is your log from booting in normal mode or in safe mode?

    Either way post a new HJT log (unfiltered if you were filtering) from normal boot mode.
     
  18. beatsbymarkus

    beatsbymarkus Private E-2

    I just checked my ignorelist and I'm not filtering anything out. Also, the log was from normal boot. I've run a scan again in normal boot and attached the log file.

    Thanks again man!

    Markus
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are still forgetting to shut down your browsers when scanning:

    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    And now you also have the below two items running:

    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\SmartFTP\SmartFTP.exe

    Why are they loading at startup? They should only be loaded when you run their programs. (at least that is my opinion). I would also ask why Aardvark needs to load at boot?


    Is your problem, only after you boot or does it happen all the time when loading Internet Explorer?
     
  20. beatsbymarkus

    beatsbymarkus Private E-2

    I don't know why it was showing the browsers, i closed them all b4 running it. Anyway, those 2 programs don't boot on startup and i think aardvark has to so that Sonar (my digital audio program) will run.

    My problem only happens after boot.

    Thanks,

    Markus
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So why are the other two programs showing as running if they do not load at startup?
    Reboot your PC and immediately after reboot, the first thing I want you to do is scan using HijackThis and post the log.

    Check to see if Sonar needs Aardvark to be loaded at startup by temporarily disabling it from loading using msconfig.
     
  22. beatsbymarkus

    beatsbymarkus Private E-2

    Aardvark wasn't in msconfig startup so I ended the process and tried to run Sonar. I tried this twice and both times my computer froze. Sonar really needs this program. Anyway, I did what u said - rebooted, and ran HijackThis first thing. Here r the results (attached).

    I'm catching a plane now and won't be back until Monday. Thanks so much for your help and maybe I'll talk 2 ya then!

    Markus
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay Markus, I'll talk to you when you get back.

    This time there were no Internet Explorer sessions nor were either of the below running.
    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\SmartFTP\SmartFTP.exe

    You must have run them last time before using HijackThis?

    Why do you have msconfig running at startup? Are you doing a selective startup?
     
  24. beatsbymarkus

    beatsbymarkus Private E-2


    Hey Chaslang, how was your weekend? Was in Vegas this weekend - was crazy - no sleep, playing poker, playing more poker, then getting less sleep - lol!

    Anyway man, thanks for hanging in there with me. To answer your questions - yes, I ran edonkey2000 and SmartFTP before running HijackThis. And about Msconfig on startup - it starts up on the next boot every time I change it and then I click the checkbox to "not show again on startup".

    By the way, my computer froze again on my wife last night. She wasn't doing anything specific - she was just surfing the net. Man, i wanna get rid of these problems but I really don't want to re-format my hard drive if I don't have to. Any other ideas?

    Thanks again,

    Markus
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run msconfig and make sure that Normal Startup is selected. You most likely have Selective Startup chosen. Now reboot. If that still does not fix the problem, fi the below line with HJT:

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


    Now post a new HJT log attachment.
     
  26. beatsbymarkus

    beatsbymarkus Private E-2

    Sorry man, I went out to do some errands but now I'm back and in front of my computer for most of the day. U were right. I had selective startup chosen (I never really looked at this section of Msconfig before). So, I selected Normal Startup and rebooted. Now, as u probably know, a shit load of startup services started.

    But one of the problems is still there - the internet connection takes a long time to connect. Some more info on this: I did recently get a new cable modem and had to return my old one to my old ISP. This internet connection problem might be related to my new modem but not sure. It seems like there is some process that is "liked" the old connection and does this huge search until it finds the new modem. Just a wild guess...

    The other problem of - a general unstableness of my system and frequent freezes of my whole system - I'm not sure if that's still around because of its intermittent nature.

    Now u said to "fi the below line with HJT". I assumed "fi" was a typo for "fix" so I ran HJT to look for that line and couldn't find it. If u want me to add that line somehow, then I'm not sure how to do it. Sorry for my lack of knowledge with this stuff.

    Markus
     
  27. beatsbymarkus

    beatsbymarkus Private E-2

    Hey Chaslang,

    I looked at the old HJT log and see that line that u wanted me to fix but It's not there anymore after I selected "normal startup", rebooted, and ran HJT.

    Anyway, I've attached the latest log file.

    Thanks,

    Markus
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it was a typo. But that was only necessary if the change in msconfig to Normal Startup did not work.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to go to Add/Remove Programs and uninstall if found:
    P2P Networking
    Gain or GainBundle
    GMT
    CME or CMEII
    anything that says NEWDOT in it.

    And also now that you have allowed your system to have normal startup we can see the remaining crap that was on your system. I would also suggest running Ad-Aware SE, Spybot S&D and the online scans right now. In my next message, I will give manual removal instructions too. Some of the items may get cleaned up when you work the steps in this present message. If so, you will just ignore those items that will not be present in my next message.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download LSP-Fix in case we need it later. http://www.majorgeeks.com/download4180.html

    Make sure you have system restore disabled and viewing of hidden files enabled.

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below processes and End them if found:
    P2P Networking.exe
    Desktop-shooting.exe
    CMESys.exe
    wupdt.exe
    GMT.exe
    updmgr.exe
    AGNQWDKA.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    ----> Go here and read about the above virus: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.imiserv.html

    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    ---> go here and scroll down to read about the above program. This could be your slow down problem: http://www.answersthatwork.com/Tasklist_pages/tasklist_u.htm

    O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg
    O4 - HKLM\..\Run: [Supernova] C:\WINDOWS\Desktop-shooting.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [AGNQWDKA] C:\WINDOWS\AGNQWDKA.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\P2P Networking <--- the whole directory
    C:\WINDOWS\wupdt.exe
    c:\ie.reg
    C:\WINDOWS\Desktop-shooting.exe
    C:\Program Files\Common Files\GMT <--- the whole directory
    C:\Program Files\Common Files\CMEII <--- the whole directory
    C:\PROGRA~1\CLOCKS~1 <--- the whole directory (it's probably C:\Program Files\ClockSync)
    C:\Program Files\Common files\updmgr\updmgr.exe
    C:\WINDOWS\AGNQWDKA.exe


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    I want to delete the below too, but not yet:
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

    I want to wait to make sure we do not have a problem. New.net stuff can break an Internet connection completely. That is the reason for downloading LSP-Fix above. We may need it to remove a bad item from the LSP chain.
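
The `O4` autorun lines quoted in this thread, run through a small parser, as an added example that is not part of the original posts and is not HijackThis's own logic. The three flagging rules are illustrative triage heuristics assumed for this example; the sample lines are copied from the posts on this page.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 lines copied from the posts in this thread (autorun entries in a HijackThis log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AGNQWDKA] C:\WINDOWS\AGNQWDKA.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
"""


class StartupEntry(NamedTuple):
    source: str   # registry Run key (HKLM\..\Run, HKCU\..\Run) or a Startup folder
    name: str     # registry value name, or the shortcut file name
    command: str  # command line that runs at logon


# "O4 - HKLM\..\Run: [Name] command" (also matches RunOnce, RunServices, ...)
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
# "O4 - Global Startup: Shortcut.lnk = target" or "O4 - Startup: ..."
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

# Assumed triage heuristics for this example only: they say "look at this
# entry first", not "this entry is malware".
RULES = [
    # Executable sitting directly in the Windows folder, not in a subfolder.
    ("exe-in-windows-root", re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.exe', re.I)),
    # regedit started with -s / /s imports a .reg file without prompting.
    ("silent-regedit-import", re.compile(r'^"?regedit(?:\.exe)?"?\s+.*[-/]s\b', re.I)),
    # DLL loaded through rundll32 from an 8.3 short path, which hides the real name.
    ("rundll32-short-path", re.compile(r'^"?rundll32(?:\.exe)?"?\s+.*~\d', re.I)),
]


def parse_o4(line: str) -> Optional[StartupEntry]:
    """Return the parsed entry, or None if the line is not an O4 line."""
    line = line.strip()
    for pattern in (RUN_RE, STARTUP_RE):
        match = pattern.match(line)
        if match:
            return StartupEntry(*match.groups())
    return None


def flags_for(entry: StartupEntry) -> List[str]:
    """Labels of every rule whose pattern matches the entry's command line."""
    return [label for label, rx in RULES if rx.search(entry.command)]


def triage(log_text: str) -> List[Tuple[StartupEntry, List[str]]]:
    """Parse every O4 line in a log and attach the matching rule labels."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            results.append((entry, flags_for(entry)))
    return results


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        verdict = ", ".join(flags) if flags else "no rule matched"
        print(f"{entry.source:16} {entry.name:18} {verdict}")
```

`CMESys` and `GMT.exe` come back with no flags even though the thread has them removed, so an empty flag list means "not matched by these rules", not "clean".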
     
  31. beatsbymarkus

    beatsbymarkus Private E-2

    Oh, okay, I get it. So, any new thoughts? Nevermind - I see your new posts and am reading them now. Thanks!
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you miss the other two posts?
     
    Last edited: Nov 3, 2004
  33. beatsbymarkus

    beatsbymarkus Private E-2

    Thanks for all the instructions.
    I was only able to find P2P Networking in Add/Remove Programs. Now I will run Ad-aware, spybot, and the online scans. And then next I will follow the details for manual removal in your last message. I'll let u know when I'm done - thanks again
     
  34. beatsbymarkus

    beatsbymarkus Private E-2

    Can I run any of these scans and online scans at the same time or do they have to run one after another?
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! I'll be back later. I've got to run out for awhile.
     
  36. beatsbymarkus

    beatsbymarkus Private E-2

    ok ;)
     
  37. beatsbymarkus

    beatsbymarkus Private E-2

    Okay man, I did all the steps u told me to do in the last 2 messages. Ad-Aware and Spybot found and fixed some things. The online scans found no viruses or problems. Like u said, most of the stuff was already cleaned up so I didn't have to do much as far as ending processes or fixing HJT items.

    Although I am happy to have cleaned up the garbage that was on my computer, the internet connection problem is still there. I've attached the latest HJT log.

    Also this directory doesn't exist anymore: C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL - I couldn't find it after running all the previous steps.


    Thanks man,

    Markus
     

    Attached Files:

  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is the only problem that after reboot, it takes about 2 minutes to connect to the internet?

    Do you still have any of the freeze problems?

    How do you connect to the internet? Is it AOL? And is it a dialup modem? Both AOL and dialup are slow to begin with. Also, you are way out of date with AOL. If you are going to use it, you really should update to the latest version.

    Your log is clean now.
     
  39. beatsbymarkus

    beatsbymarkus Private E-2

    Thanks a lot for all the help and cleaning my log - I really appreciate all your help. Well, the freeze problem happens intermittently so I'm not sure about that one yet. I don't use Dial up or AOL. I use a cable modem and my computer used to connect to the internet almost immediately after boot up. I'm just pretty stumped. :eek:

    Markus
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't use AOL, can we uninstall that AOL 7 stuff?
    If already uninstalled, fix the following line with HJT:
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe

    Do you use a router? Or direct connect to cable modem?

    Please explain in detail your internet problem? Are you connecting here thru the problem PC right now? Can you download stuff okay?
     
    Last edited: Nov 3, 2004
  41. beatsbymarkus

    beatsbymarkus Private E-2

    Okay, I just fixed the aol line (O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe) through HJT. I looked to uninstall it from my system but I don't currently have it.

    I don't connect through a router and once the connection to the internet is finally made, everything else is fine as far as downloading, speed, etc.
     
  42. beatsbymarkus

    beatsbymarkus Private E-2

    I just rebooted to test the last change and there was no difference. Also, is it okay to go back to selective startup so I can not have some of the services starting up?

    Thanks,

    Markus
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Which items are you talking about? Many of these items are not services they are just startup programs. Using msconfig like that is not really a good long term solution. A program like Startup CPL is a better idea.

    I repeat: Please explain in detail your internet problem?
     
  44. beatsbymarkus

    beatsbymarkus Private E-2

    Hey man, I thought u went to bed already. Sometimes I get an e-mail notification when u reply and sometimes not. I just happened to check. Anyways...

    The items I'm talking about r either programs that I use (or little additions to the programs) that I don't want to start on reboot as taskbar icons - like my video card has a little taskbar icon program, Real Audio has one, eDonkey2000 has one, my HP printer has one, Quicktime, MS Messenger, etc.

    I use all these programs but I don't want them to start unless I need them. So, r u saying that unchecking these items on the "startup" tab in msconfig is not a good idea? If so, how come? Just trying to learn something here... :)

    Man, I don't know what else to say about the internet problem that I've already said. I'm not sure what u don't understand man. Please ask me specific questions about what u don't understand.

    Thanks much chaslang,

    Markus
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All I remember you saying about your problem is "it takes about 2 minutes for me to connect to the internet after it "seems" like the reboot was complete. " And you also said, "I use a cable modem and my computer used to connect to the internet almost immediately after boot up."

    What is your definition of after reboot? Do you mean when the system seems to have stopped loading? And then what are the steps you take? Is it just running Internet Explorer and you don't get your start page for 2 minutes? Or do you use something else to connect? Maybe your ISP is not assigning you an IP address fast enough.


    Rather than using msconfig (which is only meant to be a temporary solution for disabling certain startups), remove the items from loading at all during startup. In 99% of cases users don't need many of the items, they waste resources, slow down bootup, and the programs will still run without them. Examples:

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    updreg.exe is a process from Creative Technology Ltd. It is used to remind users to register for their Creative Labs products. This is a non-essential process. Disabling or enabling this is down to user preference.


    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    See this and look for RealPlay.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_r.htm

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    See this and look for qttask.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_q.htm


    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    see this and look for HPWuSchd2.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_h.htm

    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    see this and look for DwlClient or support.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_s.htm

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    see this and look for atiptaxx.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_a.htm

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    See this and look for msmsgs.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_m.htm

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    see this and look for DSentry.exe: http://www.answersthatwork.com/Tasklist_pages/tasklist_d.htm
     
  46. beatsbymarkus

    beatsbymarkus Private E-2

    Good morning (almost afternoon),

    Okay I'm a little depressed about four more years of Bush and war, etc but I'll live! :))

    Yea, my definition of reboot is when the system seems to have stopped loading. I am aware that even though it seems to have stopped, it very well may be still loading things.

    After reboot, I will see the desktop come up, and things loading in the system tray, and the cursor is still an hourglass. Then, my desktop seems to do a refresh, the hourglass turns to pointer, and I can hear the computer "not working as hard". And in the past, if I double clicked on the Internet Explorer icon at this point, the browser would open and connect right away to the internet. Now what it does is the browser opens up, but I don't get the home page for about 2 minutes.

    Thank you very much for your explanation of the startup services - I agree with you. They are a resource hog and I don't want them starting up. I thought that msconfig was doing the trick but from what you're saying, it's more of a workaround. So, I will download and use Startup CPL now.

    Thanks again man,

    Markus
     
  47. beatsbymarkus

    beatsbymarkus Private E-2

    Hey man, quick question about startup items like these. If I ran HJT and clicked fix for these items, is that enough to get rid of them? Or should I do that and also run Startup CPL?

    Thanks,

    Markus
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you run HJT, it will delete the registry entries which should prevent those items from starting up and you can skip Startup CPL. Keep the backup from HJT around and that way you could restore those items if and when you desire.
     
  49. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Next time you boot your PC, as soon as you can do anything, open a command prompt window by clicking Start, Run, and enter cmd and click okay.

    In the cmd window type ipconfig /all > c:\ipcfg1.txt followed by the enter key.
    Leave the command window open.

    Now run IE. As soon as you get your connection, in the command window enter:
    ipconfig /all > c:\ipcfg2.txt followed by the enter key.

    Come back here and upload as attachments those two ipcfgx.txt files.
     
  50. beatsbymarkus

    beatsbymarkus Private E-2

    K, doing that now!
     
