Suddenly very slow startup - malware suspected

Discussion in 'Malware Help (A Specialist Will Reply)' started by dvae, Sep 7, 2009.

  1. dvae

    dvae Private E-2

    Since yesterday my laptop (Samsung NP-NC10) with Windows XP SP3 suddenly starts up very slowly. I suspect some form of malware, but can't find any. Here is what happens:

    Computer boots up normally;
    Windows starts;
    Windows loads personal settings;
    --- All normal until here ---
    Windows shows desktop including wallpaper, but nothing appears to happen for 60 seconds;
    I can mouse around;
    I can invoke the task manager by pressing CTRL+ALT+DEL;
    Explorer.exe shows as running in the task manager;
    ... wait ... wait ... wait ...
    The start button appears, together with the taskbar and the desktop icons;
    Laptop functions normally.

    This started yesterday.
    I haven't noticed anything else and can't remember doing anything out of the ordinary.

    I suspect some form of malware, and have followed all the steps in thread http://forums.majorgeeks.com/showthread.php?t=35407 (thank you for the detailed explanations, impressive). However, the problem persists.

    I hope someone can point me in the right direction. Please see log-files attached.

    Thank you in advance :)

    dvae
     


  2. dvae

    dvae Private E-2

    Here is the MGlogs.zip log-file attached as well.

    Thank you for any help :)
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though you did not allow the MGTools.exe to run to completion. You need to leave the command prompt open until the scan tells you to hit any key. You should also be given pop ups to make the license agreement to run HJT.

    Please run it again and this time wait until it tells you it is finished.

    You also need to move Combo to your desktop on the c drive, not here:
    d:\desktop\ComboFix.exe
     
  4. dvae

    dvae Private E-2

    Thank you TimW

    I have now run ComboFix from C:\Documents and Settings\All Users\Desktop

    I think MGTools didn't run correctly the first time, because my Desktop is set on the D: drive (not C:). This caused an error message saying that a certain file could not be found on C:\Documents and Settings\username\desktop . I changed the desktop to the above location and re-ran MGTools. It seemed to complete correctly now.

    Please see new log-files of ComboFix and MGTools attached.

    Thank you for your support!

    dvae
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. Slow startups can be caused by many factors. I suggest that you post in the software forum for additional assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  6. dvae

    dvae Private E-2

    Thank you TimW, it is good to know there is no malware on the laptop :). I will do as you suggested and post in the software forum.

    Thank you again,

    dvae
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Hope they can help you in the software forum.
     
