Slow, slow startup

aliEnRIK

May as well run combofix before giving up

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

well-medicated

I tried combofix - anyone here know how to read it?

ComboFix 09-02-06.04 - Louis 2009-02-07 16:52:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.208 [GMT 0:00]
Running from: E:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-06 18:02 . 2004-08-04 07:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-06 18:02 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-06 18:02 . 2002-08-29 13:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-02-06 18:02 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-06 18:02 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-06 18:02 . 2004-08-04 05:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-06 18:02 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-06 18:02 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-06 18:02 . 2004-08-04 05:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-06 18:02 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-06 18:01 . 2002-08-28 22:59 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
2009-02-06 18:01 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
2009-02-06 18:01 . 2004-08-04 06:07 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2009-02-06 17:58 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-06 17:57 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-06 17:56 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-06 17:55 . 2002-08-29 13:00 229,439 --a--c--- c:\windows\system32\dllcache\multibox.dll
2009-02-06 17:54 . 2002-08-29 13:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-02-06 17:53 . 2002-08-29 13:00 1,158,818 --a--c--- c:\windows\system32\dllcache\korwbrkr.lex
2009-02-06 17:52 . 2002-08-29 13:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-06 17:51 . 2001-08-17 13:28 595,647 --a--c--- c:\windows\system32\dllcache\es56cvmp.sys
2009-02-06 17:50 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-06 17:49 . 2001-08-17 22:36 614,429 --a--c--- c:\windows\system32\dllcache\digiview.exe
2009-02-06 17:48 . 2002-08-29 13:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-06 17:47 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-02-06 17:46 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-06 17:46 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-06 17:46 . 2001-08-17 22:36 462,848 --a--c--- c:\windows\system32\dllcache\a3dapi.dll
2009-02-06 17:46 . 2001-08-17 12:20 297,728 --a--c--- c:\windows\system32\dllcache\ac97sis.sys
2009-02-06 17:46 . 2002-08-28 23:00 231,552 --a--c--- c:\windows\system32\dllcache\ac97ali.sys
2009-02-06 17:46 . 2001-08-17 12:48 148,352 --a--c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-06 17:46 . 2001-08-17 12:20 96,256 --a--c--- c:\windows\system32\dllcache\ac97intc.sys
2009-02-06 17:46 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-06 17:46 . 2004-08-04 06:10 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2009-02-06 17:46 . 2001-08-17 14:55 38,400 --a--c--- c:\windows\system32\dllcache\8514a.dll
2009-02-06 17:46 . 2001-08-17 13:52 23,552 --a--c--- c:\windows\system32\dllcache\abp480n5.sys
2009-02-06 17:46 . 2004-08-04 06:00 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-06 17:46 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-06 16:03 . 2009-02-06 16:03 <DIR> d

---

c:\documents and settings\Louis\Application Data\IObit
2009-02-06 14:08 . 2009-02-06 14:08 <DIR> d

---

c:\program files\SUPERAntiSpyware
2009-02-06 14:08 . 2009-02-06 14:08 <DIR> d

---

c:\documents and settings\Louis\Application Data\SUPERAntiSpyware.com
2009-02-06 14:08 . 2009-02-06 14:08 <DIR> d

---

c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 14:06 . 2009-02-06 14:06 <DIR> d

---

c:\program files\Common Files\Wise Installation Wizard
2009-02-05 22:48 . 2009-02-05 22:48 <DIR> d

---

c:\program files\Spybot - Search & Destroy
2009-02-05 22:48 . 2009-02-06 15:52 <DIR> d

---

c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-05 22:19 . 2009-02-05 22:19 <DIR> d

---

c:\program files\Trend Micro
2009-02-05 16:33 . 2002-04-12 10:06 73,728 --a

---

c:\windows\system32\AW32n50.dll
2009-02-05 16:33 . 2002-04-11 17:43 16,194 --a

---

c:\windows\system32\AWINDIS5.SYS
2009-02-05 15:55 . 2009-02-05 15:56 <DIR> d

---

c:\windows\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 13:35

---

d--h--w c:\program files\InstallShield Installation Information
2009-02-05 15:48

---

d

---

w c:\program files\BearShare
2007-01-28 23:00 160 ---ha-w c:\documents and settings\Maria\hpothb07.dat
2008-02-20 16:04 17,239,072 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-02-20 16:04 588,576 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartDefrag"="e:\iobit smartdefrag\IObit SmartDefrag.exe" [2009-01-14 1986384]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=c:\windows\pss\broadband medic.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivDRVAutostart]
--a

---

2004-12-12 16:04 391168 c:\program files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVfilter]
--a

---

2002-11-07 12:41 23552 c:\program files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra

---

2003-06-18 12:44 151552 c:\program files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
--a

---

2003-07-29 15:19 638976 c:\program files\TOSHIBA\E-KEY\CeEKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
--a

---

2003-07-23 17:03 135168 c:\program files\TOSHIBA\Power Management\CePMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPLDBL10]
--a

---

2003-07-03 18:34 204800 c:\program files\EzButton\CPLDBL10.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]

---

2003-07-08 20:21 1171456 c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a

---

2003-05-29 15:14 114688 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a

---

2003-05-29 15:26 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a

---

2002-07-24 07:20 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a

---

2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a

---

2007-02-16 09:54 282624 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
--a

---

2003-07-18 14:24 49152 c:\program files\TOSHIBA\TouchPad\TPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a

---

2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcmwltry]

---

2003-07-25 23:28 462848 c:\windows\system32\bcmwltry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveCpl]
--a

---

2003-01-14 22:50 24576 c:\windows\system32\RemoveCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CeEPwrSvc"=2 (0x2)
"ActivDRVcontrol"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 ACTIVdrv;ACTIV Device Pen Driver;c:\windows\system32\drivers\ActivDrv.sys [2004-02-12 67424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [2006-05-09 7072]
R2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [2001-04-12 3674]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys --> c:\windows\system32\Drivers\mfpec.sys [?]
S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;c:\windows\system32\drivers\ActivDRV_USB.sys [2003-01-20 17232]
S3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys --> c:\windows\system32\DRIVERS\mfpcomp.sys [?]
S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys --> c:\windows\system32\DRIVERS\mfpvbus.sys [?]
S4 ActivDRVcontrol;ACTIVdriver Control;c:\program files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe [2003-06-18 408064]
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AntiSpywareBot - c:\program files\SpywareBot\SpywareBot.exe
MSConfigStartUp-ezShieldProtector for Px - c:\windows\system32\ezSP_Px.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MFP Server Agent - c:\program files\Belkin\All-in-One Print Server\MFPAgent.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-ntl Netguard - c:\program files\ntl\ntl Netguard\RPS.exe
MSConfigStartUp-Server Application for MFP Server - c:\program files\Belkin\All-in-One Print Server\ServoApp.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [URL]file://c:\windows\Java\classes\dajava.cab[/URL]
DPF: Microsoft XML Parser for Java - [URL]file://c:\windows\Java\classes\xmldso.cab[/URL]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 17:17:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERS\S-1-5-21-3518773754-537211775-3118909330-1005\Software\SpywareBot\SpywareBot\RegInfo]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-3518773754-537211775-3118909330-1005\Software\SpywareBot\SpywareBot\Settings]
@DACL=(02 0000)
"UpdateTime"=dword:00000000
"Updated"=dword:00000001
"LastScanTime"="01-08-2007 18:59:59"
"NumberOfScans"=dword:00000001
"DontShowClosingDialog"=dword:00000001
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-07 17:21:02
ComboFix-quarantined-files.txt 2009-02-07 17:20:45
Pre-Run: 23,899,889,664 bytes free
Post-Run: 24,666,562,560 bytes free
209 --- E O F --- 2007-11-16 18:11:47

aliEnRIK

Looks like it couldnt find anything

Whats the EXACT problem your having now?

well-medicated

Same as always been. 10 mins to get into my desktop

aliEnRIK

Ok

Looking at the basics as your machines almost certainly 'clean'
480 ram means some of the ram will be used for video ram (Nothing unusual there)

HOWEVER. you must bare in mind that with each windows update (Particularly service packs 2 and 3) the machone will struggle more than when it was a fresh install (Meaning you NEED more ram for certain)

Id say the above is the inherant problem but lets look at the others
START UP programs

Download CCLEANER (Top right)
http://www.filehippo.com/download_ccleaner/
Run the top 2 scans (Backup the registry when it asks)
Then goto TOOLS and START UP programs
Untick ~
SMART BOARD
YAHOO TOOLBAR


Open windows messenger and switch that off from starting up automatically

Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

FIX these using hijack
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\!!0FB18BE1-E5BE-42D2-8BD5-50554369796B}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\!!0FB18BE1-E5BE-42D2-8BD5-50554369796B}: NameServer = 192.168.0.1

Uninstall Zonealarm and switch on windoes firewall

If THAT doesnt work (And assuming your hard drives not close to full)

You have the options of buying new ram (Which I REALLY suggest you do anyways)
Use the XP disc to do a repair and reinstall the drivers
Goto windows update and install any drivers you can and reinsert the drivers disc that came with the pc and reinstall them

Complete wipe of computer

aliEnRIK

try glary utilities 1 click cleanup too
Download GLARY UTILITIES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
Run the ONE CLICK scan

asininity

@basmic - Bootvis is part of xp already. It runs anyway. You've not really used Winpatrol then.

@OP - try a clean install. Things like Glary Utilities are all in ones for the utilities we've all been posting I prefer Advanced System Care Free from IObit. if you tried them and they didn't work its time to bite the bullet.