
Computer startup slow, possible RootKit problem.

Discussion in 'Windows XP' started by macpez, 2011/04/05.

  1. 2011/04/05
    macpez

    macpez Inactive Thread Starter

    Joined:
    2004/02/20
    Messages:
    47
    Likes Received:
    0
    I posted a request for help with a slow startup problem on the BBS Malware & virus removal forum a few weeks ago. ("Slow Startup, Instructions Followed, Reports attached.")

    An administrator walked me through the various clean up steps and determined that my computer was clean.

    During the process, I tried to run RootRepeal and RootKit Unhooker and had problems with both programs. I could not get RootRepeal to launch, and RootKit Unhooker crashed my system and displayed a blue screen with the problem files listed.

    Listed below are the posts from those specific problems.

    I would appreciate any input on why my computer takes more than 20 minutes to stop processing/communicating after startup when it used to take five or six minutes a few months ago.

    Specifically, is there a safe way I can check to see if I have a RootKit problem and what other problems should I look for?

    Thanks for the help.

    --------------------------------------------------------------------------
    The below entries are from my previous posts on the Malware & virus removal forum.
    ---------------------------------------------------------------------

    (My response to a request to do a startup test.)

    POST A) I did the startup test and below are the results.

    1) Startup with "everything" disabled as instructed: six (6) minutes to fully boot.

    2) Startup with "everything" selected (all startup items): Thirty-six (36) minutes to fully boot.

    3) Startup with "custom startup items selected" (usual items I use): 18 minutes to fully boot (processing light off/communication stopped.)

    Based on these results, I have two questions:

    1) Why would startup time go from 6 or 7 minutes to 18 minutes when no new startup items were added?

    2) What startup items appear to be the problem based on the previous scans?

    Thanks again for your help.
    --------------------------------------------------------------------------

    POST B) Having a problem with RootRepeal. I cannot get the program to launch.

    When I tried to open the file RootRepeal.exe it displayed the following message and froze: "Initializing, Please Wait."

    I tried this twice and both times I had to close the file with Task Manager, which said that the file wasn't responding. On the second try I waited almost 30 minutes before I closed the file. The second try was done with a different downloaded file.

    Can you advise what steps to take? Also, is there another RootKit program I can use? Thanks.
    -------------------------------------------------------------------------

    POST C) The following happened when I ran RootKit Unhooker:

    Program launched OK. I selected Report tab and clicked Scan. I checked Drivers and Stealth and unchecked the remaining items as instructed.

    When I clicked on OK the computer stopped and the blue screen appeared with the following message: (I'm just listing the key parts of the message.)

    "Normandy.sys problem. Page fault in nonpage area."
    "Normandy.sys - address B96AD125 Base @ B96A9000 Date Stamp 4bda55ez."

    I restarted computer and relaunched Rootkit Unhooker. This time I only ran a Quick Report from the menu and then closed the program. I haven't tried to run the program since then.

    I assume this indicates that I have a specific problem with a RootKit? I look forward to your response.

    --------------------------------------------------------------------------

    (Below is the Quick report from RootKit Unhooker:)

    --------------------------------------------------------------------------

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8059110B-->87144C08 [Unknown module filename]
    ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x80574AA9-->8735C708 [Unknown module filename]
    ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8059323B-->872EC960 [Unknown module filename]
    ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805839B9-->EE46C620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]

    --------------------------------------------------------------------------

    POST D) (This post is a response to me from the BBS Administrator.)

    Well, at this point....

    In this forum, we make sure your computer is free of malware and your computer is clean.

    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section. You'll get more attention. Good luck!

    -------------------------------End of Posts-------------------------------
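
A way to triage the Quick Report and the blue-screen addresses quoted in the post above, as an added example that is not part of the original thread: it parses the hook lines, separates hooks the tool attributed to a driver file from those it could not, and computes the fault offset inside Normandy.sys. The function names are hypothetical; the sample input is copied from the post.

```python
import ntpath
import re

# Sample input: the four hook lines from the Quick Report in the post.
REPORT = r"""
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8059110B-->87144C08 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x80574AA9-->8735C708 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8059323B-->872EC960 [Unknown module filename]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805839B9-->EE46C620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
"""

HOOK_RE = re.compile(
    r"^(?P<image>\S+?)-->(?P<func>\w+), Type: (?P<kind>.+?) "
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<module>.+)\]$"
)

def parse_hooks(text):
    """Return one dict per hook line; headers and separators are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["orig"], h["new"] = int(h["orig"], 16), int(h["new"], 16)
        # The report prints "Unknown module filename" when it names no driver.
        unknown = h["module"].startswith("Unknown module")
        h["owner"] = None if unknown else ntpath.basename(h["module"])
        hooks.append(h)
    return hooks

def triage(hooks):
    """Split hooked functions into attributed (func -> driver) and unattributed."""
    attributed = {h["func"]: h["owner"] for h in hooks if h["owner"]}
    unattributed = [h["func"] for h in hooks if not h["owner"]]
    return attributed, unattributed

def fault_offset(address, base):
    """Offset of a bug-check address inside the driver image loaded at base."""
    if address < base:
        raise ValueError("fault address lies below the image base")
    return address - base

if __name__ == "__main__":
    attributed, unattributed = triage(parse_hooks(REPORT))
    print("attributed:  ", attributed)
    print("unattributed:", unattributed)
    # Addresses from the blue-screen message in POST C.
    print("Normandy.sys fault offset: 0x%X" % fault_offset(0xB96AD125, 0xB96A9000))
```

Unattributed entries are the ones to investigate first; the report alone does not say what installed them.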
     
  2. 2011/04/05
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    We don't deal with rootkit problems outside the Malware removal forum.

    I have only one suggestion: Nuke 'n Pave!

    Format and reinstall is (for me) the only 100% cure.

    Oh and:
    I never responded to your post. A Malware Removal expert did.
     


  4. 2011/04/05
    rsinfo

    rsinfo SuperGeek Alumni

    Joined:
    2005/12/25
    Messages:
    4,076
    Likes Received:
    178
    Even 5 or 6 minutes is 4 minutes too long. Seriously, how many programs do you run on startup?

    Have you checked your hard disk for errors? Both logical [chkdsk] & physical [manufacturer's util]? What about RAM?

    Suggest that you update System specs under My System for better answers.
     
