Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
On I need some help, this is ticking me off.
My computer is taking well over 2 minutes to boot when it normally takes under 45 seconds.
I have already run, norton anti virus many times, ad-aware many times and spybot many times.
This is the second time that my system has had long boot time like this.
It started when I got hit with the golden palace autoinstaller. Both times that I got hit with it was when my boot time went up over 2+ minutes. Both times it installed itself it tried to do a reboot or something and my system started to shut down but then stopped and stayed on. Almost like it failed to turn off my computer.
As far as I know I have gotten rid of everything to do with the auto installer. The 3 programs don't turn up anything.
I have gone through my reg and can't find anything strange.
I have gone through my services and can't seem to find anything strange.
I have even tried a zone alarm firewall with no effect.
Last time I was hit with this autoinstaller it seemed to fix itself after a while. No idea what I did to get rid of it, but it just seemed to stop and I was back to the under 45 second reboot.
On a side note, I also seem to be downloading at about 10k/sec constantly. Zone alarm didn't stop it and I can't find anything that that would be downloading all the time. I am using netstat live and it says I am downloading at about 10k/sec but not uploading anything at all.. Its 0 all the way. After I reboot it says that I have downloaded 1.2 to 1.4 megs but I can't don't think I am actually loosing any space, least its not noticable.
This seems to have started at around the same time as when steam tried to download CS:CZ on my system, I think.
I called my ISP and they said that I seem to be downloading from 64.94.110.11 I traced it back and it seems to come from crl.verisign.com
I'm wondering if I uninstalled steam if the downloading would stop. I think that is my next goal. I never liked verisign as I have known them not to have a problem with warez sites that charge people to download it.
Again any suggestions would be good. Also how do I close off a port? The 64.94.110.11 is downloading to a specific port and I want to close it off.
Posts: 1,116
Threads: 91
Joined: Feb 2003
Reputation:
0
See if this helps Gwar.
Forums
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
Posts: 110
Threads: 1
Joined: Mar 2003
Reputation:
0
I have a long bootup problem before. It ended up being norton anti virus.
-Sockhole
"If ya SMELL ... what the SOCK ... is cookin."
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
I uninstalled norton and rebooted, still took over 2 minutes.
Posts: 135
Threads: 9
Joined: Feb 2004
Reputation:
0
well your norton may be optioned to do a system scan at boot-up, you may want to check your preferences and see if that's checked, could add on alot of time to the boot-up
Posts: 1,329
Threads: 294
Joined: Dec 2003
Reputation:
0
Did you try hijackthis? Post a log. I know thats how I found a few viruses before...
<@Miagi> !8 Am I spamming?
<@ChanServ> Miagi: Yes.
<@Miagi> !8 Should I stop?
<@ChanServ> Miagi: Oh, please, PLEASE, make it stop!
Posts: 1,116
Threads: 91
Joined: Feb 2003
Reputation:
0
Ok...what part is taking 2 minutes? Once you get logged in? or the whole boot process?
What OS and how much memory?
If you have NT, 2000 or XP, open the task manager when you can and see what is using the most
memory or CPU. My bet is that it is a Norton process at first boot or an HP usb printer device. Print
screen the Task Manager and save it as an image then post it here. Lemme see this at boot time.
Have you done ANYTHING different before this started....like new device, driver or software?
Posts: 4,208
Threads: 795
Joined: Jan 2003
Reputation:
0
or eight hundred new d/l of movies?
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
ok this is what happens...
I boot computer up...
The black windows XP screen with the moving bar comes up a few seconds later...
Then I get the blue welcome screen. Now normally I am about 1/2 to 3/4 of the way through booting now (never really timed that part). This screen usually stays up for a count of about 3 to 5 and then my desktop kicks in and all the icons start loading. All this time my hard drive light is going nuts. The system tray items are loading up while the hard drive light starts slowing down, and then basically stops and that is like 44.5 seconds (yes I have actually timed this on a stop watch).
What happends now though, it gets the the blue welcome screen the hard drive lights slow down and then stop. And for about 1m45s to 2 minutes It just sits there on the blue welcome screen. Then the hard drive light starts going again, within 10 to 20 seconds the desktop icons load up agian along with the system tray stuff and once they start loading up, everything seems to load up normally.
I thought it was norton too, but I uninstalled norton and still long boot.
uninstalled adaware and spybot, still long boot.
Not sure if this will help ya or not, this is what I got from hijackthis.
Quote:Logfile of HijackThis v1.97.7
Scan saved at 8:33:47 PM, on 3/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\MICROS~3\GAMECO~1\STRATE~1\daemon14.exe
C:\AnalogX\NetStat Live\nsl.exe
C:\Winamp\Winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\War-ftpd-Anime\war-ftpd.exe
C:\Documents and Settings\User1\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Agent/importantwebsites.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 38.136.164.130:80
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Agent/importantwebsites.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\adobe\acrobat reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E82C128A-1A2C-BD6D-ACA5-A184FF41FFAE} - C:\WINDOWS\system32\kspbkcxs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Daemon14] C:\MICROS~3\GAMECO~1\STRATE~1\daemon14.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NetStat Live] C:\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: war-ftpd Ricochet.lnk = C:\War-ftpd-Anime\war-ftpd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &IE Toolbar search - res://C:\WINDOWS\Downloaded Program Files\toolbar.dll/SEARCH.HTML
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
Even if I could just see everything in dos as its loading up without the xp screen and welcome screen that would help me as I would be able to see all the files that are loading.
BTW I turned off my net connection and booted up, still took the 2+ minutes to load.
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
What happened was I had the 45 second boot time...
I got hit with that autoinstalling golden palace crap, machine tried to reboot, but it didn't shut down, I clean out all the crap then reboot and my boot time was over 2 minutes. I'm time it next time I boot and tell you exactly how long it is.
Posts: 3,269
Threads: 105
Joined: Apr 2003
Reputation:
0
Could be an XP thing. You can always reinstall it. It will take awhile, but worth it if your desperate.
Posts: 1,116
Threads: 91
Joined: Feb 2003
Reputation:
0
O2 - BHO: (no name) - {E82C128A-1A2C-BD6D-ACA5-A184FF41FFAE} - C:\WINDOWS\system32\kspbkcxs.dll (file missing)
This one looks funny even though it is showing missing. This is too random a filename. Looks virus like especially in the system32.
Do this:
regedit
HKEY_LOCAL_MACHINE/software/microsoft/windows/current version/run
look in the Run folder itself. Copy and paste the entire right frame that shows EVERYTHING that gets started at boot.
Posts: 1,411
Threads: 85
Joined: Feb 2003
Reputation:
0
how do you get rid of something like that, it is happening to me also?
Posts: 1,116
Threads: 91
Joined: Feb 2003
Reputation:
0
ya look in that registry place and see what looks funny. look at the Name of it and the path where it is located on the right. Then do
a google search for the program running and see if anyone else has seen it. Most of the stuff in that directory is legit. Look over EVERYTHING
being listed in the system32 directory carefully. If you find stuff...sometimes you have to boot into safe mode to delete it before it starts up.
Lotta spyware and viruses get put here to start up.
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
03-24-2004, 11:02 PM
(This post was last modified: 03-24-2004, 11:04 PM by Gwarsbane.)
Quote:Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe /startup"
"AtiPTA"="atiptaxx.exe"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC1.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Daemon14"="C:\\MICROS~3\\GAMECO~1\\STRATE~1\\daemon14.exe"
"CloneCDElbyCDFL"="\"C:\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"Logitech Utility"="Logi_MwX.Exe"
"NetStat Live"="C:\\AnalogX\\NetStat Live\\nsl.exe"
"WinampAgent"="\"C:\\Winamp\\Winampa.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Advanced Tools Check"="C:\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"QuickTime Task"="\"C:\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
I have also removed the kspbkcxs.dll part and will reboot in a bit to see if that helped, but I doubt it will.
Posts: 1,411
Threads: 85
Joined: Feb 2003
Reputation:
0
gwars, try this.
I went to update my adaware and it said there was no new updates for my program. But there is a build 1.81 for adaware 6, so I reloaded it, then there was an update. OMG there were 115 new things total, 6 of them high risk. I cleaned it and now i am rebooting quick.
ps. of course it blocked my roadrunner home page and i got to figure that out, lol
Posts: 92
Threads: 4
Joined: Feb 2003
Reputation:
0
use CWShredder
dl the new reflist.ref (Latest reference file : 01R275 25.03.2004) for ad-aware
use spybot (Coz adaware cant do what spybot can fix
a good 1 page tutorial for HijackThis
use regcleaner
Posts: 2,453
Threads: 614
Joined: Jan 2003
Reputation:
0
Tried all that (except for the reg cleaner) and nothing has worked. I have also done a check disk and still nothing.
I'm gonna need to clean off a few more gigs at least off my hard drive and then I will run a defrag and see if that turns up anything.
I have decided that I will reformat my machine once Service pack 2 for windows xp is released. this way I can start off with a totally fresh install.
Posts: 84
Threads: 2
Joined: May 2003
Reputation:
0
drop adware and get bulletproof spyware remover, also kill norton and get an anti virus program from kaspersky labs.. I had the same issue about 3 weeks ago and these helped me.
oops
Posts: 546
Threads: 35
Joined: May 2003
Reputation:
0
why do people hate nortons so much..its fine...get a prog called spysweeper..run it then get a prog called reg cleaner..get rid of everything you dont need then get a prog called startup cop..its on download.com...take everything off startup that you dont need..then run msconfig in Start>Run and take the rest of things off...now if any of this doesnt work i dont know wtf you did to your pc :\
Posts: 1,411
Threads: 85
Joined: Feb 2003
Reputation:
0
the problem is that we all have to get all these programs to keep these other programs off our puters that we didn't ask for to start with.
now I used to know a few glass/window installers that would go around and shoot out windows in their neighbourhood to create business, think this mite be a pattern?
Posts: 546
Threads: 35
Joined: May 2003
Reputation:
0
well then stay off sites that you shouldnt be on:)..or be like me and get nortons internet security that blocks everything unless i give it permission:D
|