10 Minute boot times

[a2a]

Hi, I was wondering if anyone could help me. My friends computer is experiencing 10 minute boot times and is very sluggish when online. I ran the scans but I am a bit of an amatuer at this so I will just post the results of the scans and await your advice.

* C:\ComboFix.txt
* SASlog.txt
* MGlogs.zip

[abri]

Hi a2a,

What's in this folder on the desktop? Can you see it?

C:\Documents and Settings\admin\Desktop\^

1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
First:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

or Second, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot

2) Go to add/remove programs and uninstall the below:

Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 3

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment

5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

6) Then open your Windows Live Messenger, go to Help -> Customer Experience Improvement Program and turn it off. That will stop you getting the sqm files.

7) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


After you click fix, just close hijackthis.


8) Run CCleaner in the default setting with the Windows tab as the one on top.

9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


Let me know how things are running now?

abri

[a2a]

Windows Live Messenger was not running and I could not opt out of that option, everything else seemed to work.

[abri]

Hi a2a,
I think all you have to do is double click on the Windows Live link on your desktop to start it and then you can go to Help -> Customer Experience Improvement Program and turn it off.

Please disable your Guest Account if this has not already been done.

Your temp files still contain files from February and there is one file in the temp files I don't like. Also, there are folders in your temp files which are not usually located there, inlcuding Cookies, History, Temporary Internet Files. If you (or your friend) put these folders in the Temp file under Windows, then they should be moved. They belong under the user names, either directly or under Local Settings. If you did not move them into the Temp folder in Windows, then they can be deleted.

The file which concerns me and is also in the Windows Temp folder is Win2F1.tmp. I believe it is a remant which will be gone when you run CCleaner, but I would like for you to run GetLogs.bat (in the MGTools folder under C) one more time after running CCleaner so I can make sure all your temporary files have been removed. If CCleaner won't remove them, it may be necessary to empty those folders manually. They are

C:\WINDOWS\TEMP
C:\Documents and Settings\admin\Local Settings\TEMP

You won't be allowed to delete any from the current date.

After you finish the above, please attach the new MGlogs.zip and if they look okay, I will then post the final cleanup instructions to you. Is the computer working better now?

abri

[a2a]

After running CCleaner the temp files were still there however I was unable to delete one. It said something was using that file? Not sure if its totally fixed, the internet seems to be good however it still takes a long time to boot up. I was told to use quick detect settings in the bios. But I will take this one step at a time as that is for another forum.

[abri]

Quote:

Originally Posted by a2a

After running CCleaner the temp files were still there however I was unable to delete one.

The above sentence doesn't make sense to me.

It looks like CCleaner did not clean out your temp files. Did you try emptying the contents of the following two folders manually? If not, please do so and let me know how this goes.

C:\WINDOWS\TEMP
C:\Documents and Settings\admin\Local Settings\TEMP

abri

[a2a]

Abri,

Since CCleaner wasn't deleting the temp files I attempted to manually delete them. which only left one stubborn one that says to close the program that is using it... The name of the file was Perflib_Perfdata_79c, (figuring you already knew that) I still am unable to get the updates, it will download but cannot install. Says it needs a home office disc? to get Service Pack 3? Also CCleaner is now finding an bad uninstaller and two others for hjt in the MGtools folder. Please advise as I will post new logs

[abri]

Hi a2a,

Your temp files are clear now. You cannot delete files with the current date, so that's why that one file didn't want to be deleted. I don't know if I ever asked you any questions about this problem, as I was looking for a malware cause to it, but has the computer had a slow bootup time for awhile? Did it start doing that all at once or did it occur slowly? If it started doing it all at once, then it would be good to try going back to a restore point from before it started. If you want to keep this at an option, then DON'T reset your system restore when you follow the instructions below, but simply keep those instructions for a later time.

I don't find anything else on your system that looks like malware, so I think for the slow bootup times and update problems you would do well to post in the Software Forum where there are people who can help you with these kinds of problems. I would like for the problem to have been a simple malware problem, but it doesn't seem to be.

Since the computer does not have a lot of software loading up, I expect there are other issues which are causing the problem. It could also be hardware related. A bad sector can cause real issues. Try the Software Forum and they may also advise you to post in the Hardware Forum as well.

Please go ahead and run the final cleanup instructions in the box below, keeping in mind that you may want to wait with resetting system restore:.

Quote:

Your logs look good. If you're not experiencing any malware symptoms, please do the following:

• If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
• Go to add/remove programs and uninstall HijackThis.
• Then go into Windows Explorer and find MGTools directly under C:\ (or the root drive where your operating system is installed).
• Open the MGTools folder and delete the contents.
• Then delete the folder itself.
• Look for any leftover logs on your desktop and if found delete them
• Run CCleaner
• After you've completed the above, please follow the instructions at this link for setting a clean restore point. Disable and Enable System Restore!
• Once you've done this, please take a look at the link that follows. It's a good read and has some good information to help you prevent further malware invasions.
  
  How to Protect Yourself from Malware

Let us know how things went!

abri