black screen at startup

K

killerchef04

New Member
When I start my computer, after the windows logo screen, theres just a black screen for about 30 seconds. I can see and move the mouse arrow (or whatever its called). It's also slow starting up after that. What is it, and how can i stop it, and speed up my computer?
 
Last edited:
I have the same problem sometimes. I believe that it is because windows is checking for another screen and because you don't have a fast GPU or CPU this process is slow (I have middle to high end hardware and it takes a few seconds). But I'm not sure about this, I would also like someone to comment on this if possible...
 
You ought to go to Start-->Run-->type 'msconfig', <enter> and look under the Startup tab and Services tab (check Hide All Microsoft Services) and attempt to identify what is causing your system to hang on boot-up.

If I were you, I would just click 'Disable All' under the Startup tab and the Services tab (with Hide All Microsoft Services checked), reboot and see if the problem persists. If not, I would start re-enabling processes via msconfig only as I found I needed them (usually the only thing I need running on startup is HP/Lexmark printer software and sometimes my graphics software).

95% of Windows users have unnecessary processes enabled to startup on OS boot by default. Disabling these unnecessary processes is guaranteed to speed up your computer, dramatically in some cases.
 
deanj20 said:
You ought to go to Start-->Run-->type 'msconfig', <enter> and look under the Startup tab and Services tab (check Hide All Microsoft Services) and attempt to identify what is causing your system to hang on boot-up.

If I were you, I would just click 'Disable All' under the Startup tab and the Services tab (with Hide All Microsoft Services checked), reboot and see if the problem persists. If not, I would start re-enabling processes via msconfig only as I found I needed them (usually the only thing I need running on startup is HP/Lexmark printer software and sometimes my graphics software).

95% of Windows users have unnecessary processes enabled to startup on OS boot by default. Disabling these unnecessary processes is guaranteed to speed up your computer, dramatically in some cases.
Click to expand...

I just did that and it still did the same thing. I think it might be a virus or something.
 
another thing that I have found out recently is that if you happened to have a nVidia card I would regularly check for updates because they come out very often...
 
davidandersson said:
another thing that I have found out recently is that if you happened to have a nVidia card I would regularly check for updates because they come out very often...
Click to expand...

Just updated it and it still happened. So far I have done an adaware scan, a spyware doctor scan, defraged the hardrive, cleaned out my browser history temp files and all that, checked for registry errors, did a disk check, did a system restore, stopped all the none windows files from starting at startup, and possibly some other stuff that i cant think of right now, and its still doing it. Does anyone have any suggestions? Besides doing a system restore.
 
Does it hang in Safe Mode as well?

Also, have you tried pulling out all of the internal hardware (PCI/PCIe/AGP cards, CD/DVD Drives, floppy drives, extra harddrives) and external hardware (anything USB, firewire, serial or paralell port) and booting with nothing but the master HDD, and a PS/2 mouse and keyboard?

Do that and see if it still hangs in normal mode, then try in safe mode and post back here.
 
deanj20 said:
Does it hang in Safe Mode as well?

Also, have you tried pulling out all of the internal hardware (PCI/PCIe/AGP cards, CD/DVD Drives, floppy drives, extra harddrives) and external hardware (anything USB, firewire, serial or paralell port) and booting with nothing but the master HDD, and a PS/2 mouse and keyboard?

Do that and see if it still hangs in normal mode, then try in safe mode and post back here.
Click to expand...

I took everything out and it still did it, when i booted up in safe mode it didnt do it. what does that mean?
 
Well, I think you need to double check that you have disabled everything via msconfig. Follow these directions very carefully

Go to Start-->Run-->type 'msconfig' <enter>

In the Startup Tab, click "Disable All" and click Apply - now there should be nothing checked. Go to the Services Tab, check Hide All Microsoft Services, click Disable All and click Apply. Then click Close and restart.

That should do the trick. If not, download and run HijackThis! and Open the Misc Tools Section - Choose to generate a Startup List with both options checked and post it here. Then go back to the main menu, do a System Scan and post the log file here as well.

You see - Safe Mode boots up using the bare resources needed to run Windows. Normal Mode loads additional processes and services - so since your computer boots into Safe Mode with no problems, we now know that we have to identify whatever process or service is causing your system to hang and disable it.

Also, what is the make and model of your system? Include any added peripherals such as video cards as well.
 
deanj20 said:
Well, I think you need to double check that you have disabled everything via msconfig. Follow these directions very carefully

Go to Start-->Run-->type 'msconfig' <enter>

In the Startup Tab, click "Disable All" and click Apply - now there should be nothing checked. Go to the Services Tab, check Hide All Microsoft Services, click Disable All and click Apply. Then click Close and restart.

That should do the trick. If not, download and run HijackThis! and Open the Misc Tools Section - Choose to generate a Startup List with both options checked and post it here. Then go back to the main menu, do a System Scan and post the log file here as well.

You see - Safe Mode boots up using the bare resources needed to run Windows. Normal Mode loads additional processes and services - so since your computer boots into Safe Mode with no problems, we now know that we have to identify whatever process or service is causing your system to hang and disable it.

Also, what is the make and model of your system? Include any added peripherals such as video cards as well.
Click to expand...

Ok I just unchecked everything and it started up fine. So how do i find out what is makeing it so slow?
 
Ok I just unchecked everything and it started up fine. So how do i find out what is makeing it so slow?
Click to expand...
Is it still running slow? What is the make/model of your computer? How much RAM do you have? Did it used to be fast? Post your system specs (include OS info) and we'll see what can be done.

You should also have a look at my "Slow Computer Rant" and follow the steps outlined there:
deanj20 Slow Computer Rant said:
The first thing I would do is completely uninstall anything that says Norton or Symantec. It's a major resource hog. Follow the steps in this post, and we'll replace it with something equally effective and less demanding.

Next, run Malwarebyte's Antimalware in Safe Mode with Networking and remove anything it finds.

After that, download and install Piriform CCleaner. Run the program, and on the left hand side select Registry. Scan and Fix Issues. Continue scanning for/repairing issues until it doesn't find anymore.

Then, if you're like 90% of Windows users, you probably have a ton of extra programs starting up automatically when Windows starts up. You can disable unneeded processes from starting up by doing the following:
Go to Start-->Run-->type in 'msconfig' and hit <enter>

In the Startup tab, uncheck everything that you do not need running in the background at startup and click "Apply." Then, in the Services tab, check Hide All Microsoft
Services, uncheck everything that you do not need running in the background at startup and click "Apply." Restart the computer.

Next, download and run the executable for TrendMicro HijackThis!.
Press the button labeled "Open the Misc Tools Section". Then check both the check boxes next to the "Generate StartupList Log" button and click the button. Click the button to generate the list, save it and upload it as an attachment to your next post, and I or some other forum member will advise you on what else to disable, if anything.
Then run HijackThis! in normal mode and post your scan log here and we'll see if there's anything else that needs to be looked at.

Finally, you can install a free anti-virus to help keep you protected (these aren't nearly as taxing on your memory as Norton). I prefer AVG Free Edition, but I've heard good things about Microsoft Security Essentials as well. Avira AntiVir and Avast! are two more options. Please install one of these programs to help keep you virus free.

After you've done all of these things, please wait until the computer is idle (no programs loading/scanning/etc), and hit ctrl+alt+delete and make note of your CPU usage at the bottom of the popup window.

On your next post, please include both the HijackThis! Logs I've requested, your idle CPU usage, any steps you left out, the make/model of your computer, and let us know how your it is running now.

Good Luck! :D
Click to expand...
 
deanj20 said:
Is it still running slow? What is the make/model of your computer? How much RAM do you have? Did it used to be fast? Post your system specs (include OS info) and we'll see what can be done.

You should also have a look at my "Slow Computer Rant" and follow the steps outlined there:
Click to expand...

no its not running slow since I unchecked everything. and it used to be fast.

Windows vista home premium 32-bit sp2
Intel core 2 duo cpu e4500 @ 2.20ghz
3 gbs of ram
nvidea geforce 9800 gtx/9800gtx+
western digital velociraptor 300gb 10,000rpm hd
600w power supply
motherboard is stock from an hp pavilion, not sure what it is, cant find a model # or brand name.
antec 900 case (I know you dont need to know that, just felt like adding it)
 
killerchef04 said:
Ok I just unchecked everything and it started up fine. So how do i find out what is makeing it so slow?
Click to expand...
killerchef04 said:
no its not running slow since I unchecked everything. and it used to be fast.
Click to expand...

:confused:


Do you mean what caused it to be slow before you disabled all startup processes? I don't know - I would assume some application or applications you've installed - this could be software that came as an add-on to your hardware, including graphics, sound, display, or even a printer application... or it could be other junk software you've installed over the course of your computers life...

It seems like everything wants to add a little background application these days - even pdf viewer and media player software (wtf!?). The crap starts to accumulate after a while, and can really bog a system down. Just look at all of the crap you unchecked under msconfig - that should give you an idea of what all was slowing you up.

Also, next time the computer seems to be running slow, hit ctrl+alt+del and put the process list in descending order according to memory usage - you'll be able to see what process is using up all of your memory.

Glad you're running faster - I still wouldn't mind seeing that HJT log...
 
deanj20 said:
:confused:


Do you mean what caused it to be slow before you disabled all startup processes? I don't know - I would assume some application or applications you've installed - this could be software that came as an add-on to your hardware, including graphics, sound, display, or even a printer application... or it could be other junk software you've installed over the course of your computers life...

It seems like everything wants to add a little background application these days - even pdf viewer and media player software (wtf!?). The crap starts to accumulate after a while, and can really bog a system down. Just look at all of the crap you unchecked under msconfig - that should give you an idea of what all was slowing you up.

Also, next time the computer seems to be running slow, hit ctrl+alt+del and put the process list in descending order according to memory usage - you'll be able to see what process is using up all of your memory.

Glad you're running faster - I still wouldn't mind seeing that HJT log...
Click to expand...

heres the log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:11 AM, on 4/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8330 bytes
 
Well, you look clean to me.

I would definitely uninstall Lavasoft Adaware, Spyware Doctor and MOST DEFINITELY anything that says Norton or Symantec on it.

Norton is a major resource hog, and just a pain in the ass in general. There are more effective, less bloated programs available for free.

I like Lavasoft, but there's no sense in having their software installed unless you're scanning for malware - I don't know how effectve their real-time protection actually is, but I would guess it hogs more resources than it's worth.

I don't know anything about Spyware Doctor or IOBit, but again- I'm sure that having them running in the background all of the time is likely costing you more memory resources than the "protection" is worth.

I would replace all of the above programs with one single protection utility: Microsoft Security Essentials. I've heard really good things about it, and even installed it on a client computer the other day. Low resource use, really nice simple interface - sort of a cure all. About time MS started releasing free tools to fix the OSes that have made them rich.

After you uninstall/install, run CCleaner to clean up any broken registry entries. Choose to Scan/Fix issues in the registry repeatedly, until it finds no more.

Then post back w/ a fresh HJT log, and a report on how your system is running (without all of the extra crap bogging it down)
 
deanj20 said:
Well, you look clean to me.

I would definitely uninstall Lavasoft Adaware, Spyware Doctor and MOST DEFINITELY anything that says Norton or Symantec on it.

Norton is a major resource hog, and just a pain in the ass in general. There are more effective, less bloated programs available for free.

I like Lavasoft, but there's no sense in having their software installed unless you're scanning for malware - I don't know how effectve their real-time protection actually is, but I would guess it hogs more resources than it's worth.

I don't know anything about Spyware Doctor or IOBit, but again- I'm sure that having them running in the background all of the time is likely costing you more memory resources than the "protection" is worth.

I would replace all of the above programs with one single protection utility: Microsoft Security Essentials. I've heard really good things about it, and even installed it on a client computer the other day. Low resource use, really nice simple interface - sort of a cure all. About time MS started releasing free tools to fix the OSes that have made them rich.

After you uninstall/install, run CCleaner to clean up any broken registry entries. Choose to Scan/Fix issues in the registry repeatedly, until it finds no more.

Then post back w/ a fresh HJT log, and a report on how your system is running (without all of the extra crap bogging it down)
Click to expand...

ok just did everything that you said, and it still hangs at startup. Its a little better. So heres the hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:40 AM, on 4/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4609 bytes
 
hi killerchef04,

Uninstall IOBit and Windows Defender. Download the latest version of Java Runtime Environment (JRE) http://www.java.com/en/download/manual.jsp (thanks gamblingman)

After you've done that, download Malwarebytes Antimalware and install it. Then boot into safe mode and run a scan with it. Take note of how many instances you remove.

Then run a HijackThis! scan and put a check next to
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Click to expand...
And click "Fix Selected".

Then boot back into normal mode, and take note of how long it takes to boot. Hit ctrl+alt+del and make note of any proceeses using over 10,000K Memory. Run HijackThis! and post your log back here, along w/ how many instances of malware you've removed, any improvements in boot-up time and any processes using over 10,000K.
 
deanj20 said:
hi killerchef04,

Uninstall IOBit and Windows Defender. Download the latest version of Java Runtime Environment (JRE) http://www.java.com/en/download/manual.jsp (thanks gamblingman)

After you've done that, download Malwarebytes Antimalware and install it. Then boot into safe mode and run a scan with it. Take note of how many instances you remove.

Then run a HijackThis! scan and put a check next to

And click "Fix Selected".

Then boot back into normal mode, and take note of how long it takes to boot. Hit ctrl+alt+del and make note of any proceeses using over 10,000K Memory. Run HijackThis! and post your log back here, along w/ how many instances of malware you've removed, any improvements in boot-up time and any processes using over 10,000K.
Click to expand...

ok, first heres the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:00 AM, on 4/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4486 bytes



malwarebytes didnt find anything, heres the log for that,

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4034

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

4/25/2010 11:04:38 AM
mbam-log-2010-04-25 (11-04-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 263085
Time elapsed: 34 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


the proceeses over 10,000 are,
sidebar.exe 18,000k
explorer.exe 12,000k

it didnt start any faster.
 
Hey killerchef04,

Looks like you still need to uninstall Windows Defender. Then I would put a check next to this entry in HijackThis!
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
Click to expand...
and click 'Fix Selected'

I would get rid of the Windows Sidebar on Startup too... If you want to remove it, just right-click on the SideBar and go to Properties, and then uncheck "Start Sidebar When Windows Starts"

Then reboot into normal mode, and run CCleaner. Click the Registry button on the far left, then click Scan for Issues. After it finishes the scan, click "Fix Selected Issues" (I wouldn't save a logfile) and then remove all of the entries. then click 'Scan for Issues' again, wait for the scan and click 'Fix Selected Issues'. Repeat this process until no more issues are found

Reboot into normal mode, make note of bootup time (an actual time would be helpful - eg "56secs") and run HijackThis! again, post your log here as well as any processes using over 10,000K and your bootup time.
 
You must log in or register to reply here.
Back
Top