Author Topic: [Inactive] Tried repairs, now slower start-up...Help, it's a friend's PC  (Read 7784 times)

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #30 on: December 28, 2013, 02:57:03 PM »
How long does it take for windows to start now? How long to shutdown? Does it seem to be starting programs normally? How is the internet working?

The event viewer logs are showing fewer problems than what appeared to be from the previous logs. Two of them are from a game, one appears to be from Norton LiveUpdate and another one will take some digging.

Does your CD look like this.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #31 on: December 28, 2013, 03:06:17 PM »
Yes the CD looks like that. I have one game start-up blocked with Ccleaner. I tried to find all the Norton and IOBit stuff, I even deleted the BAK files that mentioned IOBit Defragger.

Thanks for the help,
Joan in Reno

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #32 on: December 28, 2013, 03:16:18 PM »
Hmmm, restarting is just as slow as I was complaining about. Should I update and run MalwareBytes or anything else? Will that help figure it out?

I've chiefly use Firefox, since I installed it without their info. What else should I try to run?

Thanks,
Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #33 on: December 28, 2013, 03:24:41 PM »
If you don't need your license number go to step three on this page, download Norton Removal Tool

That will get rid of liveupdate. About the startup, can you tell me how long it takes? How long does it take for Firefox to start? Also try starting Chrome and let me know how long it takes. As well as Microsoft Word.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #34 on: December 28, 2013, 04:05:24 PM »
Ran the Norton Removal Tool. Word opens faster than both Chrome and Firefox. Sorry I don't have a stopwatch for timing, but perhaps the malware caused a faster than normal speed as a smokescreen?

I've never worked on a family set-up PC before, is it normal to have Application Data empty? Or is this some more of AdvancedSystemCare goofs?

On a side note, I've been thinking of installing Advanced System Optimizer on my own Windows PCs, since I used the old version 2 and liked it. Have you run into any gotchas with it helping others here?

Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #35 on: December 28, 2013, 04:18:43 PM »
I stay away from all the optimizer programs. I find that they are not nearly as useful as they seem. If I have something that needs to be fixed, I investigate it and find out how to do it using the tools in windows.

The application data folder is where some applications store their configuration info, and settings and the like.  While there is probably not much in it, it should not be totally empty. It is not as well used in XP as it is in later versions of Windows. How big is the folder?

And about the time it takes for things to open, approximate times will do. 1 minute? 5 Minutes? Longer? I just need an idea on if there are other problems, or does windows just need tweaking.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #36 on: December 28, 2013, 04:53:54 PM »
The Application folder is completely empty. Roughly three minutes to get to a useable Desktop. Firefox opens in about a minute, Chrome takes about the same.

Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #37 on: December 28, 2013, 06:10:25 PM »
Not great, but not real bad either.

I need you to reboot windows cleanly. To do that please go to the run command and type in msconfig . Once that starts, select selective startup, and then uncheck the load startup items. Now click on the services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services now go up and uncheck all the services still listed, make sure you scroll down the list if need to unselect all the non Microsoft services. Now click apply, then click OK and reboot the computer. Watch how long it takes for windows to start this way. Also check Chrome and Firefox again. Once you have figured out how long it takes that way, run msconfig and select normal startup then click apply then OK and reboot.

Let me know how long it took for windows to start cleanly and then Chrome and Firefox to start.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #38 on: December 28, 2013, 07:00:46 PM »
It took about 2 minutes in Selective Startup, and FF and Chrome took a minute or less each. Now to switch back and reboot.

What next?
Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #39 on: December 28, 2013, 07:35:02 PM »
Lets see if we can do some tune-ups.

1. Double-click My Computer, and then right-click the hard disk that you want to check.
   2. Click Properties, and then click Tools.
   3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
   4. Use both of the following procedures:
          *  select the Automatically fix file system errors check box
          *  select the Scan for and attempt recovery of bad sectors check box
   5. Click Start
 
      Note If one or more of the files on the hard disk are open, you will receive the following message:
      The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
      Click Yes to schedule the disk check, and then restart your computer to start the disk check.


Next, do a defrag.

    Open My Computer.
    Right-click the local disk volume that you want to defragment, and then click Properties.
    On the Tools tab, click Defragment Now.
    Click Defragment.
Follow the instructions.

Let me know how that goes.

Once it is done Please run Runscanner using the instructions below.

Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • Your will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window because, it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #40 on: December 29, 2013, 11:55:44 AM »
Phew, did those scans and defrags take a long time, and it seemed just as slow to launch into her desktop.

Here's the zipped file, the log showed missing files, any important?

Thanks,
Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #41 on: December 29, 2013, 09:28:52 PM »
Now, I want you to fix some autostart items by using the RUN file that I have attached with items marked for deletion:
  • Please download and extract the attached Zip file called runscannerChiJoan.zip to your Runscanner folder
  • Open Runscanner in Expert Mode by double-clicking runscanner.exe, checking "Expert" and clicking OK.
  • Click the "Open Run File" button
  • Browse to "runscannerChiJoan.run" (the run file you just unzipped) located in the Runscaner folder, and click Open
  • The screen will refresh after the run file loads
  • Click the "Item Fixer" button
  • The items selected to be fixed will be displayed and checked for removal
  • Click "Fix Selected items"
  • Confirm that you want to fix these items by clicking OK in the confirmation dialog box.
  • You will receive a "Done fixing items" message when removal is complete.
  • Reboot
  • Launch Runscanner again, save another .RUN File called runscannerChiJoan2.run
  • Zip up runscannerChiJoan2.run and attach it to your next reply please.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #42 on: December 29, 2013, 10:27:03 PM »
Here's the second file. Oh, another way to show how long it takes, I counted 45 times that Welcome screen blue line went by, any longer it could a subsitute for sheep. :D1

Thanks,
Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #43 on: December 30, 2013, 06:58:05 PM »
Sorry it has taken me so long to reply, I have been looking for a specific tool, but all the ones that do what I want are gone. So we are going to have to do this in pieces.

Download http://spywarehammer.com/Tools/HijackThis.exe and install it. Once it is running click the Open the Misc Tools Section Then click the Generate Startuplist log button. DO NOT check the two boxes next to the button. When you get a log, post the results here.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #44 on: December 30, 2013, 07:22:00 PM »
OK, here it is:

Thanks,
Joan in Reno

StartupList report, 12/30/2013, 5:19:57 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Fliptoast.lnk = C:\Program Files\Fliptoast\fliptoast.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RTHDCPL = RTHDCPL.EXE
Persistence = C:\WINDOWS\system32\igfxpers.exe
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
AppleSoftwareUpdate.job
FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005Core.job
FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005UA.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Microsoft Antimalware Scheduled Scan.job
User_Feed_Synchronization-{98475FA8-FEF2-49C0-ACCF-F537BEEE0ED5}.job

--------------------------------------------------

Enumerating Download Program Files:

[SOE Web Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\npsoe.dll
CODEBASE = http://launch.soe.com/plugin/web/SOEWebInstaller.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir_1207148.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir_1207148.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290114763484

[ExentInf Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,735 bytes
Report generated in 0.078 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only