Solved Windows XP boots well, but kind of hangs for about a minute

Dell Optiplex 7010 desktop (3.3 ghz inte...
April 4, 2018 at 16:08:07
Specs: Windows XP, P4 2.6GHZ/PC3200 1.5gig
Hi,
I have a computer with Windows XP (SP3) that starts up fine, but won't launch any apps (i.e. Firefox) for about a minute after startup. After that minute it runs well. If I wait the minute before trying to launch anything, things start normally. It's just that minute, right after the desktop appears, that things won't start. This minute is accompanied by heavy hard disk activity. It does the same thing in safe mode, so it's not likely a driver problem.
Thanks,
.... john


✔ Best Answer
April 18, 2018 at 15:09:39
"I'm sorry for bailing on you, after all the time and effort you put into this; but, well, I got frustrated"
No problem john, main thing is you got it going properly.


#1
April 4, 2018 at 16:36:37
Hi again John.

I use these on every comp I fix & my own for many years.
If you still have them installed, make sure they are the latest versions.

Let's see if they help.

Run both of these, in this order.
1: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/2teVsjI.gif
https://i.imgur.com/ad7SEKM.gif

2: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
Solution for Wise Registry Cleaner being reported as a PUP and blocked by Antivirus
http://forum.wisecleaner.com/index....


#2
April 4, 2018 at 17:07:57
Doth sound a little as though there is “stuff” going on in the background for a wee while.

Johnw’s first offerings likely will help some. I’d be inclined to run one or two other cleaners too afterwards; but I’ll leave Johnw to guide you through those.



#3
April 4, 2018 at 20:55:41
Might just be your Anti-Virus running at startup.


#4
April 5, 2018 at 06:54:07
Thanks trvlr,
Good idea.
..... john


#5
April 5, 2018 at 07:06:30
Hi OtheHill,
Well, all I have is Malwarebytes, although I did have a couple of others a while ago that slowed everything up, and were hellish to get rid of. I removed as much as I could find from the file system and the registry (with CCleaner, etc. and physically), but yes, they could still be causing a problem. I ran WDC, just a few minutes ago, on JohnW's recommendation, and it seems to have cut the hang time in half, which is good. When my wife gets off the computer I will run WRC, and report back.
..... john


#6
April 5, 2018 at 07:53:15
So, you are NOT using ANY Anti-Virus? Malwarebytes is not an AV in the true sense. If not, you should be running something. I use Windows Defender, which is a Microsoft free product.

Running more than one AV at a time will cause problems. Post what products you had been using.



#7
April 5, 2018 at 08:48:58
Nothing really. I never have. I clone my hard drive regularly and, in recent years, have never had a problem I couldn't fix using that method. Most of the AV programs just slow everything up.
..... john


#8
April 5, 2018 at 09:03:09
Hi John,
Well, WDC dropped the lag time from 60 to 20 seconds, that's from the time the desktop appears until Firefox launches. I can certainly live with that.
WRC took about four scans before it wouldn't remove any more than 3 in the "User MRU Lists" and 1 in the "Software Path" (a Mozilla plugins reference) which I removed manually. The 3 in the UML were: 1 WRC, and 2 beginning with HRZR, which I discovered are ROT-13 encryptions, worms according to Trend Micro; which may be just leftovers. I downloaded Trend Micro's solution for this, but haven't figured out how to activate it. That's all I've done to date. You have solved the lag problem. Thanks. I'm not quite sure what to do with the worm???
... john


#9
April 5, 2018 at 14:05:20
"I'm not quite sure what to do with the worm???"
We shall now do some steps, to deal with that side of things john.

Here is the first step, more steps will be needed, after I see the result of this log.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
https://toolslib.net/downloads/view...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You also can find the logfile at C:\AdwCleaner [C1 or later].txt as well.
http://i.imgur.com/r3PoAEG.gif




#10
April 6, 2018 at 06:43:16
Hi John,
Alright, I did as you instructed; but had to use version 6.045, since trying to install the latest version resulted in a 'not a win32 application' error.
A couple of notes, before I post the ADW log.
1. Last night I removed the two HRZR entries from the registry, and after that the computer was back to about a 1 minute post boot lag. Also, there were quite a few more HRZR entries showing up in the WRC scan. When I ran WRC again that was reduced to 2 entries (as before) with a reduction in boot time lag.
2. After I ran ADW this morning (version 6.045) the computer had about a 1.5 minute post boot lag, with WRC showing 18 HRZR entries, which were reduced to 2 on cleaning. So, it seems like the HRZR 'worm' is the problem.
Here's the log file ...............
# AdwCleaner v6.045 - Logfile created 06/04/2018 at 13:05:53
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Administrator - THIS-1363AB1BE6
# Running from : E:\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: EsgScanner


***** [ Folders ] *****

[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Enigma Software Group


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\system32\drivers\EsgScanner.sys


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D4EF86C3-77D7-4F82-BBB8-6DFFAB6E2D32}


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1070 Bytes] - [06/04/2018 13:05:53]
C:\AdwCleaner\AdwCleaner[R0].txt - [1467 Bytes] - [01/04/2018 23:15:05]
C:\AdwCleaner\AdwCleaner[R0]_repaired.txt - [2048 Bytes] - [04/04/2018 20:18:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [1541 Bytes] - [01/04/2018 23:16:33]
C:\AdwCleaner\AdwCleaner[S0]_repaired.txt - [2048 Bytes] - [04/04/2018 20:18:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1623 Bytes] - [06/04/2018 13:04:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1526 Bytes] ##########



#11
April 6, 2018 at 09:20:03
Just for info, it is worth running ADWCleaner and MalwareBytes every now and then. They don't have to run all the time (unless you are using the paid for version of MalwareBytes).

Always pop back and let us know the outcome - thanks



#12
April 6, 2018 at 11:52:23
"Well, all I have is Malwarebytes"
Yep, next step, run Malwarebytes, Copy & Paste the contents of the log in your reply please.

Go to Settings > Protection > Scan Options & make sure Scan for rootkits is > On


#13
April 6, 2018 at 15:33:09
Hi,
Here's the log file, after quarantining. I removed Spyhunter, after discovering that it's no good.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/6/18
Scan Time: 7:58 PM
Log File: 66f9d62c-39f6-11e8-9f46-006097bda4ee.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4642
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: THIS-1363AB1BE6\Administrator

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 109039
Threats Detected: 7
Threats Quarantined: 7
Time Elapsed: 1 hr, 27 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 2
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, [13426], [293294],1.0.4642
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, [13426], [293296],1.0.4642

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.SpyHunter, C:\ADWCLEANER\QUARANTINE\FILES\BEKGIGIMYDFNLNEBGDFPUGABVLVUEMEN\SH_INSTALLER.EXE, Quarantined, [5333], [433139],1.0.4642
PUP.Optional.SpyHunter, C:\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [5333], [433139],1.0.4642
PUP.Optional.OpenCandy, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD38254D-D99C-42CF-8012-4AFB12776FDA}\RP814\A0092188.DLL, Quarantined, [1025], [297667],1.0.4642
PUP.Optional.OpenCandy, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD38254D-D99C-42CF-8012-4AFB12776FDA}\RP814\A0092511.DLL, Quarantined, [1025], [297667],1.0.4642
PUP.Optional.SpyHunter, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD38254D-D99C-42CF-8012-4AFB12776FDA}\RP825\A0101596.EXE, Quarantined, [5333], [433139],1.0.4642

Physical Sector: 0
(No malicious items detected)


(end)



#14
April 6, 2018 at 15:35:36
Next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
The log can be large, upload here. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php



#15
April 7, 2018 at 05:56:28
Hi John,
The link is below, but a couple of notes.
..... Combofix said that I have Baidu installed. I thought I had removed it.
.... It said that it would run with reduced functionality.
..... It said that I have no recovery console, and will not attempt fixing some serious infections.
..... It wanted to connect to the internet, but said that I have no connection, which is not the case.

http://www.fileconvoy.com/dfl.php?i...
Thanks for your help.
.... john



#16
April 7, 2018 at 06:46:44
Ok john, I know what happened with Combofix.

Let's deal with this, it may take more than one program.
"will not attempt fixing some serious infections"
I shall start with this.

Run ESET Online Scanner. Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.

Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
http://fs5.directupload.net/images/...

Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...



#17
April 7, 2018 at 13:43:14
Hi John,
I was looking into this 'hackware' HRZR_PGYFRFFVBA, of which there are several entries in my registry, and they say that it is embedded in the EAROM of my RAM. They seem to be implying that there is no way of getting rid of it.
Here's the thread, for what it's worth.
https://forum.adaware.com/index.php...
..... john

Report •
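
The HRZR_ names discussed in this thread are ROT13 text: HRZR_PGYFRFFVBA decodes to UEME_CTLSESSION, a value name that Windows XP's Explorer writes under its UserAssist registry key to record program launches. The Python below is an added example, not part of the original thread or of any tool named in it, showing how such names and their data can be decoded for review before deciding whether an entry is suspicious. Apart from HRZR_PGYFRFFVBA, the sample entries are constructed, and the 16-byte record layout (session, counter starting at 5, FILETIME) is the commonly documented XP format, taken here as an assumption.

```python
import codecs
import struct
from datetime import datetime, timedelta

FILETIME_EPOCH = datetime(1601, 1, 1)   # FILETIME counts 100 ns ticks from here
XP_COUNT_BIAS = 5                       # assumption: XP run counter starts at 5

# Clear-text UserAssist name prefixes and what they record.
KINDS = {
    "UEME_CTLSESSION": "Explorer session bookkeeping",
    "UEME_RUNPATH": "program started by path",
    "UEME_RUNPIDL": "item started through a shell shortcut",
    "UEME_RUNCPL": "Control Panel applet opened",
}


def rot13(text):
    """ROT13 is its own inverse, so this both encodes and decodes."""
    return codecs.decode(text, "rot13")


def classify(value_name):
    """Decode one registry value name and say what kind of record it is."""
    clear = rot13(value_name)
    head, _, target = clear.partition(":")
    if not head.startswith("UEME_"):
        # Not a UserAssist name at all: report it as-is for manual review.
        return {"raw": value_name, "clear": value_name,
                "kind": "not a UserAssist name", "target": ""}
    return {"raw": value_name, "clear": clear,
            "kind": KINDS.get(head, "other UserAssist record"),
            "target": target}


def parse_xp_count(data):
    """Parse the 16-byte value data: session id, run counter, last-run time."""
    if len(data) != 16:
        return {"session": None, "runs": None, "last_run": None}
    session, counter, filetime = struct.unpack("<IIQ", data)
    last_run = None
    if filetime:
        last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"session": session,
            "runs": max(counter - XP_COUNT_BIAS, 0),
            "last_run": last_run}


def triage(entries):
    """Turn (value_name, value_data) pairs into readable records."""
    rows = []
    for name, data in entries:
        row = classify(name)
        row.update(parse_xp_count(data))
        rows.append(row)
    return rows


def constructed_entry(clear_name, session, runs, when):
    """Build a sample registry entry the way XP would store it (constructed)."""
    delta = when - FILETIME_EPOCH
    filetime = (delta.days * 86400 + delta.seconds) * 10**7
    data = struct.pack("<IIQ", session, runs + XP_COUNT_BIAS, filetime)
    return rot13(clear_name), data


# Sample input. Only the first name comes from the thread; the rest is constructed.
SAMPLE = [
    ("HRZR_PGYFRFFVBA", b""),
    constructed_entry(r"UEME_RUNPATH:C:\Program Files\Mozilla Firefox\firefox.exe",
                      12, 3, datetime(2018, 4, 6, 13, 5, 53)),
    constructed_entry("UEME_RUNCPL:appwiz.cpl",
                      12, 1, datetime(2018, 4, 5, 9, 3, 9)),
    ("InstallDate", b"\x00\x00\x00\x00"),   # constructed non-UserAssist value
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{raw!r:70} -> {clear} | {kind} | runs={runs} last={last_run}".format(**row))
```

Because Explorer writes a record each time a program is started, entries of this kind come back after a registry cleaner removes them.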

#18
April 7, 2018 at 14:55:08
"Here's the thread, for what it's worth"
Thanks john, if you want to be really sure, we need to keep going.
It's a step by step process, at the end we will have got rid of all the lingering nasties.


#19
April 8, 2018 at 06:04:16
Yes, alright. I will do as you suggest as soon as I have a long enough time when the computer isn't in use.
By the way. I checked the other OS (Windows0) on the same partition, and it also has these entries in the registry; as does my other hard drive which has Windows XP and Linux. It would be interesting to see if Linux is infected, but I wouldn't know how to check that.
..... john


#20
April 8, 2018 at 12:27:47
Hi John,
Alright. I can't find the log.txt file. It's supposed to be "The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt" but I have no idea how to find that. I have no "users" folder in the C drive.
.... john


#21
April 8, 2018 at 13:56:44
Some of the folders in that path are hidden. Unhide them from File Explorer, see here:
https://kb.wisc.edu/helpdesk/page.p...

You should then be able to find the log like this, starting from your main drive:
C:\users\<your user name>\appdata\local\temp\log.txt

Always pop back and let us know the outcome - thanks


#22
April 8, 2018 at 14:27:05
Good evening Derek, Thanks.


#23
April 8, 2018 at 16:35:14
Hi guys,
None of my files are hidden. And, a search did not show any 'log.txt'. Nor do I show a 'user' folder. But, my txt search showed only ~15 files (which seemed odd) so I installed Everything, et voila, the log.txt file is under Documents and settings. It appears that there is something wrong with XP's search engine.
I think this is the right file.
Keep in mind that I left both drives in the computer, while scanning.
There are still plenty of HRZR entries in the registry and the startup lag time is about 1.5 minutes. It's a fairly substantial size file, so I've put it on fileconvoy.
http://www.fileconvoy.com/dfl.php?i...
Thanks,
.... john


#24
April 8, 2018 at 16:41:22
Slowly but surely, we are getting the comp clean.

Next step.

Please download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan, until you get it on your desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)
http://www.softpedia.com/get/Antivi...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//
http://www.freedrweb.com/cureit/?ln...
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Documentation
http://download.geo.drweb.com/pub/d...

Copy & Paste the contents of the log into a text file & upload it to File Convoy.
http://www.fileconvoy.com/index.php



#25
April 9, 2018 at 10:03:25
OK. It says that it found nothing.
http://www.fileconvoy.com/dfl.php?i...
..... john
P.S. I have a laptop here with Windows XP, that's been slow to start lately; so I checked it for HRZR entries in the registry, and sure enough, it has lots of them. I was going to wipe it and reinstall Windows to see if the blogger (above) is right about this virus(?) being embedded in the ram; but if you want a guinea pig to experiment on ..... this is it.
.... john


#26
April 9, 2018 at 15:39:14
"so I checked it for HRZR entries in the registry, and sure enough, it has lots of them"
Yep, that is normal john, I am hunting for a Rootkit.

Run DelFix
https://toolslib.net/downloads/view...
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
Tool will create a report for you (C:\DelFix.txt)
Copy & Paste the contents of the log please.



#27
April 9, 2018 at 19:06:44
Wait, so you're saying that HRZR entries in the registry do not indicate a virus, or problem?
... john


#28
April 9, 2018 at 19:16:09
Some do, some don't, that side of things now appears to be clean, I'm chasing down the remaining possibles, we are nearly finished.


#29
April 10, 2018 at 06:04:47
Hi John,
Here's the log from the Delfix scan. The 'Activate UAC' option was grayed out. Thanks.

# DelFix v1.013 - Logfile created 10/04/2018 at 20:52:41
# Updated 17/04/2016 by Xplode
# Username : Administrator - THIS-1363AB1BE6
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#30
April 10, 2018 at 06:15:26
Next.

Download & run Combofix again.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop.

NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select Yes.



#31
April 10, 2018 at 06:48:16
Hi,
I got the same remark about Baidu running, with the attendant warning that this might screw up my computer. And again, it told me that I was not connected to the internet, so it could not download Microsoft's Recovery Console.
Here's the log file. Thanks.
http://www.fileconvoy.com/dfl.php?i...
... john


#32
April 10, 2018 at 06:53:06
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt) on the Desktop.
The logs are large, upload them using File Convoy.
http://www.fileconvoy.com/index.php


#33
April 10, 2018 at 07:42:43
"I got the same remark about Baidu running, with the attendant warning that this might screw up my computer"
I forgot about that, whenever an AV kicks in with a false positive, temporarily disable it.
Right click on the Baidu logo next to the clock > Exit & you will see the options.

Uninstall the remnants of BitDefender.
http://www.bitdefender.com.au/suppo...
http://www.bleepingcomputer.com/dow...
http://www.softpedia.com/get/Tweak/...



#34
April 10, 2018 at 11:42:15
Hi John,
I don't have Baidu installed. I have tried (unsuccessfully) to remove it several times.
... john


#35
April 10, 2018 at 15:43:08
Hi John,
Here's the Farbar log file. I called it '2' to differentiate it from the first time I ran it. I did not 'fix' it, since the fixlist file I have was made for the first run.
http://www.fileconvoy.com/dfl.php?i...
.. john


#36
April 10, 2018 at 15:45:35
"I have tried (unsuccessfully) to remove it several times."
Ok john, we will deal with that once I have the Farbar logs.


#37
April 10, 2018 at 15:52:27
Don't understand what you mean john. You should have 2 separate logs, I have only FRST.

"It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop"



#38
April 10, 2018 at 16:12:02
Hi John,
Sorry. I'm getting all mixed up with the cleanup we did previously on my Windows 7 computer.
I can't find an 'addition.txt', just the FRST.txt
Maybe I should run it again.
.... john
P.S. OK I ran it again. Here's the shortcut to the addition.txt. I must have removed the check mark when I was considering whether to include the optional scan.
http://www.fileconvoy.com/dfl.php?i...


#39
April 10, 2018 at 16:17:35
"Maybe I should run it again"

Yes please john.

"If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif"



#40
April 11, 2018 at 07:25:56
Hi John,
I've attached the addition.txt shortcut to my other mail. It's here .....
http://www.fileconvoy.com/dfl.php?i...
.... john


#41
April 11, 2018 at 08:30:01
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-329068152-261903793-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S4 BavSvc; no ImagePath
S4 BdSandboxSrv; no ImagePath
S4 BHipsSvc; no ImagePath
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
AV: Baidu Antivirus (Enabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}

Open FRST or FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer to these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...



#42
April 11, 2018 at 09:38:41
Hi John,
Should I send you a copy of the FRST.txt after the fix is done?
..... john
P.S. Here's the Fixlog.txt. I'm not sure we're getting anywhere. Programs still take a long time to load, and there's considerable disk activity after the desktop appears.
Thanks .........

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Administrator (12-04-2018 01:44:47) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-329068152-261903793-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S4 BavSvc; no ImagePath
S4 BdSandboxSrv; no ImagePath
S4 BHipsSvc; no ImagePath
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
AV: Baidu Antivirus (Enabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}

Open FRST or FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\S-1-5-21-329068152-261903793-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKLM\System\CurrentControlSet\Services\BavSvc" => removed successfully.
BavSvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\BdSandboxSrv" => removed successfully.
BdSandboxSrv => service removed successfully.
"HKLM\System\CurrentControlSet\Services\BHipsSvc" => removed successfully.
BHipsSvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
IntelIde => service removed successfully.
"AV: Baidu Antivirus (Enabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}" => removed successfully.
Open FRST or FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. => Error: No automatic fix found for this entry.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply. => Error: No automatic fix found for this entry.
Refer these SS if needed. => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 58237 B
Java, Flash, Steam htmlcache => 5162 B
Windows/system/dllcache/drivers => 0 B
Edge => 0 B
Chrome => 5204048 B
Firefox => 48247410 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 49780 B
All Users => 0 B
systemprofile => 131700 B
LocalService => 360 B
NetworkService => 360 B
Administrator => 221293 B

RecycleBin => 2405644 B
EmptyTemp: => 53.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:44:55 ====


#43
April 11, 2018 at 12:00:31
Hi John,
I think I'm beginning to lose my focus ......... I included the black underneath the blue in the fixlist. I'll try it again. Sorry.
.... john


#44
April 11, 2018 at 14:04:29
"I included the black underneath the blue in the fixlist. I'll try it again. Sorry"
No harm done john.
"Error: No automatic fix found for this entry."


#45
April 11, 2018 at 14:06:01
Next.

Run SlimDrivers, don't install anything, just upload SS of everything it finds.
http://www.softpedia.com/get/System...
http://slimdrivers.com/
http://i.imgur.com/iXZx7kX.gif



#46
April 11, 2018 at 14:11:29
"Should I send you a copy of the FRST.txt after the fix is done?"
Maybe later john.


#47
April 11, 2018 at 16:34:48
Hi John,
I wasn't sure what SS means so I'm sending you one of the logs, (I couldn't make head nor tail of it.) and a shot of the summary page.
... john

http://www.fileconvoy.com/dfl.php?i...



#48
April 11, 2018 at 16:52:36
You got it right john, sorry. SS = screenshot.

Download the Softpedia version please, no hassles with supplying an email address/registration which the authors now want on their site.
New SS please.

https://i.imgur.com/HOZCdpJ.gif
https://i.imgur.com/MgxvPFH.gif
https://i.imgur.com/pN6WgJH.gif


#49
April 11, 2018 at 17:02:11
Use Geek Uninstaller to uninstall Driver Update first.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/GeekUn...
http://www.freewarefiles.com/screen...
http://www.geekuninstaller.com/
Just Double click on the program you want to uninstall. If it opens a web page, close it & then wait for it to present the 2nd step.


#50
April 12, 2018 at 06:34:43
Hi John,
I could not figure out how to download Slimdrivers from any of the three Imgur sites you listed. It does show up on this site:
https://imgur.com/gallery/q1BwuZQ
but again, I could not figure out how to get it. Maybe my browser (SeaMonkey) is the problem.
..... john


#51
April 12, 2018 at 07:39:37
The slimdrivers download link is the first one in response #45.

Post #48 just shows how to proceed.

Always pop back and let us know the outcome - thanks

#52
April 12, 2018 at 08:19:52
Hi John,
Here's the shortcut to the Slimdrivers SS. I used RevoUninstaller to remove these. I assume that it's as good as the others you listed?
http://www.fileconvoy.com/dfl.php?i...
.... john

#53
April 12, 2018 at 08:23:32
Hi Derek,
I assumed, from John's post, that there was a version on Imgur that he wanted me to use.
... john

#54
April 12, 2018 at 16:04:48
"I used RevoUninstaller to remove these. I assume that it's as good as the others you listed?"
If used properly, Revo is just as good. I prefer Geek, because it is simpler.

"Here's the shortcut to the Slimdrivers SS"
Install all of those 5 drivers john.
Start at the top, do one at a time & reboot if asked after each.

Here is a demo from a comp I was working on 2 days ago.

https://i.imgur.com/HOZCdpJ.gif
https://i.imgur.com/MgxvPFH.gif
https://i.imgur.com/pN6WgJH.gif


#55
April 13, 2018 at 11:49:12
Whatever I did, probably when I removed Slimdrivers, it won't re-install. When I click on the executable I get a black window momentarily, like a command window, then nothing. The DriversUpdate executable does the same thing.
...... john

#56
April 13, 2018 at 15:12:59
John go back to my post #1 & run both of the Wise tools as per instructions.

Then try SlimDrivers again.


#57
April 14, 2018 at 07:06:04
Hi John,
I get the same thing, after running the WDC and WRC, flash of a black screen.
... john
For what it's worth, I ran Hijackthis and am sending you its startup log.
http://www.fileconvoy.com/dfl.php?i...

#58
April 14, 2018 at 14:34:07
"I ran Hijackthis and am sending you its startup log"
I can't see anything that helps.

"When I click on the executable"
SS of that exe please john.


#59
April 14, 2018 at 16:30:29
Oh yes, of course. By the executable I mean the exe file for installing Slimdrivers. All I get is a black window, something like a cmd window that flashes open and closes immediately. So, I must have screwed something up.
.... john

#60
April 14, 2018 at 16:37:46
Yep I understand john, what I want is a SS of the exe you are clicking on & then getting a black screen.

#61
April 15, 2018 at 08:05:54
Hi John,
Well, it's academic now. I have downloaded a new version of Slimdrivers (I guess the other one was corrupt.) et voila! it worked. I followed your instructions and have updated what it suggested, except the drivers for the old 3com ethernet card (which it refused to update) so I simply removed it (and its drivers) and have opted for the built-in adapter. There is now nothing showing in the Slimdrivers window, as you will see.
I then went a little crazy and removed Seamonkey, Firefox, and the several versions (2, 3, and 4) of Net Framework, and then ran the dotnet cleanup tool. I have since reinstalled Firefox. There is still a long start time for Firefox, but interestingly, IE only takes about 15 seconds to start (which is what it did before I went on my cleanup rampage).
In conclusion, I don't think my cleanup helped anything.
Thanks again.
http://www.fileconvoy.com/dfl.php?i...

#62
April 15, 2018 at 16:04:31
"In conclusion, I don't think my cleanup helped anything"
Nice work re the drivers, step by step we are eliminating all the hiccups.

"There is still a long start time for Firefox"
1: Reset Firefox – easily fix most problems
https://support.mozilla.org/en-US/k...

2: Download the latest version of Farbar & run again, please john.
Upload the 2 logs.

#63
April 16, 2018 at 08:45:48
Hi John,
Well, I removed Firefox and reinstalled it.
Here's a shortcut to the two Farbar files.
http://www.fileconvoy.com/dfl.php?i...
Thanks,
..... john

#64
April 16, 2018 at 18:11:22
Original Addition log, these drivers were not installed, new Addition log is Ok.


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Other PCI Bridge Device
Description: Other PCI Bridge Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


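An added example, not part of the original posts and not FRST's own code: a small Python parser for the "Faulty Device Manager Devices" section quoted in post #64, grouping devices by problem code so missing-driver entries (Code 28) can be told apart from disabled ones (Code 22). The embedded sample is that section with the Description, Manufacturer and Resolution lines trimmed; the function names are hypothetical.

```python
import re

# Sample input: the section quoted in post #64, trimmed, embedded to run offline.
SAMPLE = """\
==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Service:
Problem: : The drivers for this device are not installed. (Code 28)

Name: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Service: NIC1394
Problem: : This device is disabled. (Code 22)

Name: Other PCI Bridge Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Service:
Problem: : The drivers for this device are not installed. (Code 28)
"""

HEADER = re.compile(r"^=+ Faulty Device Manager Devices =+\s*$")
CODE = re.compile(r"\(Code (\d+)\)")

def parse_faulty_devices(log_text):
    """Return one dict per device block found in the faulty-devices section."""
    devices, current, in_section = [], None, False
    for line in log_text.splitlines():
        if line.startswith("====="):
            # Any banner line starts a new section; only ours is parsed.
            in_section, current = bool(HEADER.match(line)), None
            continue
        key, sep, value = line.partition(":")
        if not in_section or not sep:
            continue
        # "Problem: : text" carries a doubled colon, so strip it from the value.
        key, value = key.strip(), value.lstrip(": ").strip()
        if key == "Name":
            current = {"Name": value, "Code": None}
            devices.append(current)
        elif current is not None:
            current[key] = value
            match = CODE.search(value) if key == "Problem" else None
            if match:
                current["Code"] = int(match.group(1))
    return devices

def by_code(devices):
    """Group device names by Device Manager problem code."""
    grouped = {}
    for dev in devices:
        grouped.setdefault(dev["Code"], []).append(dev["Name"])
    return grouped
```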

#65
April 16, 2018 at 18:14:03
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version: - Puran Software)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S4 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
Find Junk Files (HKLM\...\Find Junk Files) (Version: - )
Rogers Self Healing Software (remove only) (HKLM\...\SHS) (Version: - )

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer to these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

#66
April 18, 2018 at 06:47:49
Hi John,
Well, I got pissed off and wiped the drive (using Lazesoft), then cloned my old backup onto it, again using Lazesoft. (Thanks to whoever, on this forum, suggested this application, and Hiren's boot disk.) At first I wasn't able to access the net, even after repairing Winsock and TCP/IP; so I re-installed my old 3com ethernet card, et voila! it works. There is (at present) no lag after booting. If that changes I'll let you know.
I'm sorry for bailing on you, after all the time and effort you put into this; but, well, I got frustrated.
I very much appreciate all of your efforts. Rest assured that your time was not wasted. I learned a great deal from you.
Thanks again,
....... john

#67
April 18, 2018 at 15:09:39
✔ Best Answer
"I'm sorry for bailing on you, after all the time and effort you put into this; but, well, I got frustrated"
No problem john, main thing is you got it going properly.

#68
April 18, 2018 at 15:29:35
The various posts here on CN are very often full of useful information, which is much appreciated by all who read them; whatever the reason for, and outcome of, the post and responses.
