Long pause at boot

Discussion in 'Windows XP' started by krypticChewie, 2007/12/14.

  1. 2007/12/16
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    Oh wow!

    I made a mistake about the drive G:

    It's not my virtual drive at all. My virtual drive is I:

    G: is one of my burners.
     
  2. 2007/12/16
    bobbyb

    bobbyb Inactive

    Joined:
    2007/12/16
    Messages:
    10
    Likes Received:
    0
    OK, it will take me a while to go through those devices. A quick scan shows nothing obvious.

    Meantime do this...

    Boot to safe mode and see if delay is still there. If not reboot again but to safe mode with networking. Let me know the results.

    Then go here http://support.microsoft.com/kb/310353

    Config XP for a clean boot and report the results. To put things back just reverse the process.

    What about now?

    Bobby
     

  4. 2007/12/16
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    My money is in the fact it may well have some effect on the delay.
    BECAUSE !!
    Going back to an early post I see it as Windows having no real SOLID idea as to where to go and makes what it THINKS is the better choice.

    The load starts in one place and then goes to another. Paths changing from G: to C: confirms that I believe.

    I HONESTLY believe that thing may not be right until one of the OS installs is sent to the trash bin and Windows re-installed to what appears to be an existing C:/Windows folder where it really belongs.

    I don't think so.

    I think too many other things disagree.

    My money is on that too.

    OUCH !!!!

    BillyBob
     
  5. 2007/12/16
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    Where do I select full scan?
     
  6. 2007/12/16
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    Runscanner logfile http://www.runscanner.net

    * = signed file
    - = file not found

    000 General info
    ----------------
    Computer name : BLACKRAGE
    Creation time : 16/12/2007 07:32:06 PM
    Hosts <> 127.0.0.1 : 0
    Hosts file location : %SystemRoot%\System32\drivers\etc
    IE version : 7.0.5730.11
    OS : Microsoft Windows XP
    OS Build : 2600
    OS SP : Service Pack 2
    RunScanner Version : 1.6.0.4
    User Language : English (United States)
    User rights : Administrator
    Windows folder : C:\WINDOWS

    001 Running processes
    ---------------------
    c:\program files\hp\digital imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
    * c:\windows\system32\alg.exe (Microsoft Corporation)
    * c:\windows\system32\csrss.exe (Microsoft Corporation)
    * c:\windows\system32\ctfmon.exe (Microsoft Corporation)
    * c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    c:\program files\hddled\hddled.exe
    c:\program files\hddled\hddledd.exe
    c:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.)
    c:\program files\hp\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    * c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    * c:\windows\system32\lsass.exe (Microsoft Corporation)
    c:\windows\system32\m-audiotaskbaricon.exe (Avid Technology, Inc.)
    * c:\program files\msn messenger\msnmsgr.exe (Microsoft Corporation)
    * c:\program files\msn messenger\usnsvc.exe (Microsoft Corporation)
    * c:\program files\common files\nero\lib\nmindexstoresvr.exe (Nero AG)
    * c:\program files\common files\nero\lib\nmindexingservice.exe (Nero AG)
    * c:\program files\common files\nero\lib\nmbgmonitor.exe (Nero AG)
    c:\program files\nvidia corporation\ntune\ntuneservice.exe (NVIDIA)
    c:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
    c:\program files\nvidia corporation\ntune\nvmonitor.exe (NVIDIA)
    c:\program files\asus\ai booster\overclk.exe
    c:\program files\energizer filesaver\ppped.exe
    c:\program files\energizer filesaver\pppeuser.exe
    * c:\windows\soundman.exe (Realtek Semiconductor Corp.)
    c:\program files\reschanger 2005\reschanger2005.exe (EVGA CORP)
    * c:\documents and settings\krypticchewie\desktop\runscanner.exe (Runscanner.net)
    c:\windows\system32\zonelabs\avsys\scanningprocess.exe
    c:\windows\system32\zonelabs\avsys\scanningprocess.exe
    * c:\windows\system32\services.exe (Microsoft Corporation)
    * c:\program files\zone labs\zonealarm\mailfrontier\mantispm.exe
    * c:\windows\system32\spoolsv.exe (Microsoft Corporation)
    * c:\windows\system32\zonelabs\vsmon.exe (Zone Labs, LLC)
    * c:\windows\explorer.exe (Microsoft Corporation)
    * c:\windows\system32\winlogon.exe (Microsoft Corporation)
    * c:\windows\system32\smss.exe (Microsoft Corporation)
    * c:\windows\system32\taskmgr.exe (Microsoft Corporation)
    * c:\program files\zone labs\zonealarm\zlclient.exe (Zone Labs, LLC)

    003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
    -----------------------------------------------------------------
    - c:\program files\common files\ahead\lib\nmbgmonitor.exe
    c:\program files\nvidia corporation\ntune\ntunecmd.exe (NVIDIA)
    c:\program files\energizer filesaver\pppeuser.exe
    c:\program files\reschanger 2005\reschanger2005.exe (EVGA CORP)

    004 C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup
    -----------------------------------------------------------------------
    c:\progra~1\active~1\active~1.exe (Ariolic Software (http://www.ariolic.com))
    c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
    c:\progra~1\nvidia~1\ntune\nvmoni~1.exe (NVIDIA)

    005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    -------------------------------------------------------------------
    c:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated)
    c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.)
    c:\progra~1\hp\digita~1\bin\hpqthb08.exe (Hewlett-Packard Co.)
    c:\progra~1\silico~1\3114sa~1\sam.jar

    010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
    -----------------------------------------------------
    c:\program files\common files\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service)
    c:\program files\energizer filesaver\ppped.exe (FileSaver Service)
    c:\program files\hddled\hddledd.exe (hddledd)
    c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe (MSSQL$SONY_MEDIAMGR)
    c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe (MSSQLServerADHelper)
    * c:\program files\common files\nero\lib\nmindexingservice.exe (NMIndexingService)
    c:\program files\nvidia corporation\ntune\ntuneservice.exe (nTune Service)
    C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
    c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe (SQLAgent$SONY_MEDIAMGR)
    * c:\windows\system32\zonelabs\vsmon.exe (TrueVector Internet Monitor)
    c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)

    011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
    ----------------------------------------------------
    - c:\windows\system32\drivers\a742qw0w.sys (a742qw0w)
    C:\WINDOWS\system32\drivers\asio.sys (AsIO)
    c:\windows\system32\drivers\cdrbsdrv.sys (cdrbsdrv)
    - c:\windows\system32\drivers\changer.sys (Changer)
    - c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
    - c:\windows\system32\drivers\kl1.sys (kl1)
    * C:\WINDOWS\system32\drivers\klif.sys (KLIF)
    - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
    C:\WINDOWS\system32\drivers\pcouffin.sys (Low level access layer for CD devices)
    C:\WINDOWS\system32\drivers\nv4_mini.sys (nv)
    c:\windows\nvoclock.sys (NVR0Dev)
    C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
    - c:\windows\system32\drivers\pcidump.sys (PCIDump)
    - c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
    - c:\windows\system32\drivers\pdframe.sys (PDFRAME)
    - c:\windows\system32\drivers\pdreli.sys (PDRELI)
    - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
    C:\WINDOWS\system32\drivers\siwinacc.sys (SATALink driver accelerator)
    C:\WINDOWS\system32\drivers\delta.sys (Service for Delta Driver (WDM))
    C:\WINDOWS\system32\drivers\si3114r5.sys (SiI-3114 SoftRaid 5 Controller)
    C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Digital Imaging Video2)
    C:\WINDOWS\system32\drivers\sptd.sys (sptd)
    * C:\WINDOWS\system32\zonelabs\srescan.sys (srescan)
    - c:\windows\system32\drivers\starport.sys (StarPort Storage Controller)
    C:\WINDOWS\system32\drivers\tcpip.sys (TCP/IP Protocol Driver)
    C:\WINDOWS\system32\drivers\dgivecp.sys (Team MFP Comm Driver)
    * C:\WINDOWS\system32\vsdatant.sys (vsdatant)
    c:\program files\winbond electronics corp\voice editor\wbhwdoct.sys (WBHWDOCT)
    - c:\windows\system32\drivers\wdica.sys (WDICA)

    050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    -----------------------------------------------------------------------------
    - c:\windows\system32\qomllig.dll {8CEFE835-8EBF-420F-AFA2-807008E32917}

    052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    ----------------------------------------------------------------------------------
    GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
    - c:\windows\system32\geebb.dll {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}
    c:\program files\free download manager\iefdmcks.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
    - c:\windows\system32\qomllig.dll {8CEFE835-8EBF-420F-AFA2-807008E32917}
    c:\windows\system32\sttbnana.dll {d326ac59-c76a-48a1-a2eb-8bbeceb2246d}

    061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    ---------------------------------------------------------------------------------
    * c:\progra~1\alcoho~1\alcoho~1\axshlex.dll (Alcohol Soft Development Team) {32020A01-506E-484D-A2A8-BE3CF17601C3}
    c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
    - deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
    * c:\program files\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}
    * c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
    * c:\program files\common files\nero\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
    * c:\program files\common files\nero\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    c:\windows\system32\phototoys.dll (Microsoft Corporation) {1530F7EE-5128-43BD-9977-84A4B0FAD7DF}
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    c:\program files\winzip\wzshlstb.dll (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
    c:\program files\winzip\wzshlstb.dll (WinZip Computing LP) {E0D79305-84BE-11CE-9641-444553540000}
    c:\program files\winzip\wzshlstb.dll (WinZip Computing LP) {E0D79306-84BE-11CE-9641-444553540000}
    c:\program files\winzip\wzshlstb.dll (WinZip Computing LP) {E0D79307-84BE-11CE-9641-444553540000}

    062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
    ------------------------------------------------------------
    * c:\program files\common files\nero\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
    c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

    067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    ---------------------------------------------------------------------
    - qomllig.dll

    070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
    ---------------------------------------------------------------------
    - c:\windows\system32\geebb.dll

    104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
    ------------------------------------------------------------------
    c:\windows\downloaded program files\cpcscan.dll (Crucial Technology, Inc.) {A90A5822-F108-45AD-8482-9BC8B12DD539}
    c:\program files\java\j2re1.4.2_04\bin\npjpi142_04.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
    c:\program files\java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
    -----------------------------------------------------
    Download all with Free Download Manager : file://C:\Program Files\Free Download Manager\dlall.htm
    Download selected with Free Download Manager : file://C:\Program Files\Free Download Manager\dlselected.htm
    Download with Free Download Manager : file://C:\Program Files\Free Download Manager\dllink.htm
    E&xport to Microsoft Excel : res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
    ------------------------------------------------------------------------
    {495ceb8b-3af3-11dc-8be8-0017318c1619} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    {8d0e61fd-f60e-11db-8b85-0017318c1619} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    {f0f0f44f-5a1c-11db-9ae2-806d6172696f} : F:\ASUSACPI.exe

    173 HKCR\*\shellex\ContextMenuHandlers
    --------------------------------------
    * c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    * c:\program files\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}
    c:\program files\winzip\wzshlstb.dll (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
    * c:\program files\nero\nero8\nero backitup\nbshell.dll (Nero AG)

    180 FileType Hijacking
    ----------------------
    HKEY_CLASSES_ROOT scrfile : "%1" /S "%3 "
     
  7. 2007/12/16
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    No delay for both safe mode and safe mode with networking support

    Delay remains for clean boot. (Used three steps in KB, not the optional 4th step for fear of losing restore points)
     
  8. 2007/12/16
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    If and when you get the problem solved I would suggest that you do indeed destroy all old Restore points, so that you do not take a chance of undoing everything. Especially if the fix does involve system files or other system changes.

    Speaking of Restore points.

    Have you made any changes and then used an older Restore Point ?

    Restore points are nice to have but if they are not kept up to date they can be TROUBLE
    Mr. Experience speaking.

    BillyBob
     
  9. 2007/12/16
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    I have not used any in a long long while. I'm long before I started getting this problem. Which also has been a while.
     
  10. 2007/12/16
    bobbyb

    bobbyb Inactive

    Joined:
    2007/12/16
    Messages:
    10
    Likes Received:
    0
    OK

    The fact that there was no delay in Safe Mode networking "pretty much but not totally" clears general networking as the cause.

    Now is the time to start a new direction as I see traces of Spy/Adware in the info from RunScanner. Specifically Lop and Vundo.

    1. Get and run http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
    Scan only; post the log back to us.

    2. After the above get and run www.atribune.org/public-beta/VundoFix.exe

    3. Post the Vundo log and another HJT log after 2 above.

    4. Get and run http://www.pchell.com/downloads/lopuninstall.exe

    5. Get and run http://www.xblock.com/download/xclean_micro.exe Remove "ALL" it finds


    Surely you have Adaware and Spybot; if not, get them, install and update them, then boot to safe mode and run them both.

    Boot back to normal and post another HJT log.

    Bobby
     
  11. 2007/12/17
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    1:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:20:01 AM, on 17/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HddLed\hddledd.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Energizer FileSaver\ppped.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\Program Files\Energizer FileSaver\pppeuser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Documents and Settings\KrypticChewie\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8CEFE835-8EBF-420F-AFA2-807008E32917} - C:\WINDOWS\system32\qomllig.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: {d6422bec-ebb8-be2a-1a84-a67c95ca623d} - {d326ac59-c76a-48a1-a2eb-8bbeceb2246d} - C:\WINDOWS\system32\sttbnana.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe "
    O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\Energizer FileSaver\pppeuser.exe "
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Ai Booster v2.00.68.lnk = C:\Program Files\ASUS\Ai Booster\OverClk.exe
    O4 - Startup: NVIDIA Monitor.lnk = C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thegreatkris.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160698476195
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FileSaver Service (ppped) - Unknown owner - C:\Program Files\Energizer FileSaver\ppped.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8007 bytes
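Added example, not part of any post in this thread: a small Python triage of a HijackThis log like the one above. It lists autostart entries whose target is reported as `(file missing)` or `(no file)` and ranks first those registered at more than one load point; the sample input is a subset of lines copied from the log above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CEFE835-8EBF-420F-AFA2-807008E32917} - C:\WINDOWS\system32\qomllig.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
"""

# "<code> - <section label>: <rest of entry>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^\s*(?P<code>[RO]\d+) - (?P<label>[^:]+): (?P<body>.*)$")
# Trailing marker HijackThis appends when the registered target is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# File name component of a path (no directory part).
FILE_RE = re.compile(r'[^\\/"\s]+\.(?:dll|exe|sys)', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Turn log lines into dicts: section code, label, target and missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, process list, R0/R1 "key = value" lines
        body = m.group("body")
        missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        files = FILE_RE.findall(body)
        clsids = CLSID_RE.findall(body)
        if files:
            target = files[-1].lower()   # last file name on the line
        elif clsids:
            target = clsids[-1]          # "(no file)" entries: key on the CLSID
        else:
            target = body.strip()
        entries.append({
            "code": m.group("code"),
            "label": m.group("label").strip(),
            "target": target,
            "missing": missing,
        })
    return entries


def triage(log_text):
    """Return orphaned targets, those hooked at the most load points first."""
    by_target = defaultdict(lambda: {"codes": set(), "missing": False})
    for entry in parse_entries(log_text):
        slot = by_target[entry["target"]]
        slot["codes"].add(entry["code"])
        slot["missing"] = slot["missing"] or entry["missing"]

    findings = [
        {
            "target": target,
            # Order section codes numerically so O2 sorts before O10 and O20.
            "load_points": sorted(slot["codes"], key=lambda c: (c[0], int(c[1:]))),
        }
        for target, slot in by_target.items()
        if slot["missing"]
    ]
    findings.sort(key=lambda f: (-len(f["load_points"]), f["target"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["target"]:45} {", ".join(finding["load_points"])}')
```

A missing target only means the registration is orphaned; each reported entry still needs to be reviewed by hand before it is removed.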
     
  12. 2007/12/17
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    2:

    I ran the VundoFix but it produced no log. So I did the remove option hoping that would produce a log but no success. So here is the second Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:28:41 AM, on 17/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HddLed\hddledd.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Energizer FileSaver\ppped.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\Program Files\Energizer FileSaver\pppeuser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\KrypticChewie\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: {d6422bec-ebb8-be2a-1a84-a67c95ca623d} - {d326ac59-c76a-48a1-a2eb-8bbeceb2246d} - C:\WINDOWS\system32\sttbnana.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe "
    O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\Energizer FileSaver\pppeuser.exe "
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Ai Booster v2.00.68.lnk = C:\Program Files\ASUS\Ai Booster\OverClk.exe
    O4 - Startup: NVIDIA Monitor.lnk = C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thegreatkris.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160698476195
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FileSaver Service (ppped) - Unknown owner - C:\Program Files\Energizer FileSaver\ppped.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7733 bytes
     
  13. 2007/12/17
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    4:
    Had a bit of trouble with my Anti-Virus with this but I got it to leave it alone and it did the uninstall.

    5:
    Did the scan and the program exited. I assume that means it found nothing.
     
  14. 2007/12/17
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    I notice adaware and spybot both have realtime protection elements. After all this is fixed, should I have either, both or neither of these running on my PC? While security is important I need performance. This is the machine I used to record and mix bands.
     
  15. 2007/12/17
    bobbyb

    bobbyb Inactive

    Joined:
    2007/12/16
    Messages:
    10
    Likes Received:
    0
    Good morning Kry

    Yes I forgot to warn about AntiVirus programs interfering with some of these cleanup programs. But based on your responses to all this thread I figured you could handle it. Is why I did not take time to include links to SpyBot and AdAware.

    The Lopuninstaller may or may not have totally cleaned the LOP but it usually disables it enough that Spybot and Adaware or similar programs can finish it off.

    Yes Xclean Micro runs and exits if nothing found.

    OK so you said you were on a network, is this a home or corporate network? I found references to Novell Netware. In Local Area connection if there are any protocols beginning with the letters NW, AND if you are not on a Novell network then remove them. Let me know!

    OK so load HJT and remove the following entries:

    O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: {d6422bec-ebb8-be2a-1a84-a67c95ca623d} - {d326ac59-c76a-48a1-a2eb-8bbeceb2246d} - C:\WINDOWS\system32\sttbnana.dll (file missing)

    Note only do this one if you removed or have no Netware protocols in Local area connection
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    (note this is a winsock entry and will probably not remove and HJT will alert you) We will get this with LspFix later if needed.

    O20 - Winlogon Notify: qomllig - qomllig.dll (file missing) HJT may complain on this.

    OK on running the realtimes for Spybot and AdAware if you run them regularly 2-3 times a month then for performance no, I don't but I maintain regularly. You are loaded already. Do not run SpyBot's Tea Timer and after scanning and cleaning go to services and set the AdAware service to manual.

    So get the SpyBot and Adaware scans in Safe mode and post new HJT scan and answer the above questions.

    Bobby
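
An added example, not part of the original thread or of HijackThis itself: a small Python triage that picks out the kinds of entries singled out in the post above, namely items marked `(file missing)` or `(no file)` and the O10 unknown Winsock LSP file. The sample lines are excerpted from the log posted in this thread; the function and type names are illustrative assumptions.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted in this thread (trimmed to a few lines).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
"""

# Hypothetical record type for one flagged log entry.
Finding = namedtuple("Finding", "section reason target")

# "O2 - ...", "O10 - ...", "R1 - ..." and so on; headers and process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def target_of(body):
    """Identifier to look up: the last CLSID if present, else the item name or path."""
    clsids = CLSID.findall(body)
    if clsids:
        return clsids[-1].upper()
    return body.split(": ", 1)[-1].split(" - ", 1)[0]


def triage(log_text):
    """Return entries whose registry reference points at nothing, plus unknown LSP files."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process list, blank line
        section, body = match.groups()
        if body.endswith("(file missing)"):
            reason = "file missing"
        elif body.endswith("(no file)"):
            reason = "no file"
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reason = "unknown LSP"
        else:
            continue
        findings.append(Finding(section, reason, target_of(body)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<13} {f.target}")
```

The O10 entry is reported separately from the orphaned ones because, as the post says, it should only be touched when no NetWare protocols are in use.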
     
  16. 2007/12/17
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    OK one more time.
    Will one of you more professional people take a close look at the above to see if you see what I see ?

    I see svchost.exe loading ( or trying to ) not only three times but from two different locations. And may well not be loading properly.

    I have also noticed the reference to different folders in other places.

    Again. Two different folders I believe.

    I hear someone calling for help. Will be back later.

    BillyBob
     
    Last edited: 2007/12/17
  17. 2007/12/17
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    Installed Spybot, it found some stuff and I got rid of them.
    Then I used Aware 2007 Pro 7.0.2.5 Portable, it found some cookies and I got rid of those.

    Restarted.
    Got the same delay
    Then did this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:41 AM, on 17/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HddLed\hddledd.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Energizer FileSaver\ppped.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\Program Files\Energizer FileSaver\pppeuser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\KrypticChewie\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: {d6422bec-ebb8-be2a-1a84-a67c95ca623d} - {d326ac59-c76a-48a1-a2eb-8bbeceb2246d} - C:\WINDOWS\system32\sttbnana.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe "
    O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\Energizer FileSaver\pppeuser.exe "
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Ai Booster v2.00.68.lnk = C:\Program Files\ASUS\Ai Booster\OverClk.exe
    O4 - Startup: NVIDIA Monitor.lnk = C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    O4 - Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thegreatkris.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160698476195
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FileSaver Service (ppped) - Unknown owner - C:\Program Files\Energizer FileSaver\ppped.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8161 bytes
     
  18. 2007/12/19
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    No more help?
     
  19. 2007/12/19
    electronerdz

    electronerdz Inactive

    Joined:
    2007/12/19
    Messages:
    11
    Likes Received:
    0
    Pause in XPSP2RES.DLL

    kryptic, I am having the same problem as you on a customer's computer. I ran the same program you did. Some of the people on this post didn't seem to know what you are talking about. The problem is the Explorer.exe process is hanging after the login process. The exact DLL that it is hanging on is xpsp2res.dll. This is what appears in your log, as in mine. And I believe for the same amount of time. I am not quite sure what this file is for, but the fact that it is hanging on Explorer.exe tells me that it could be some sort of inconsistency in some file that gets loaded at startup, or in the networking. For example, I've seen computers hang because of a bad link in Network Places. I am still investigating the problem (as I find "reinstalling Windows" to be a last resort). If I find a solution, I will be sure to let you know. I really need to find out what the xpsp2res.dll file is for. Obviously something to do with Service Pack 2.
     
  20. 2007/12/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    I see two totally different problems.

    The last log file by krypticChewie clearly shows Windows trying to load system files more than once and from different folders.

    Alias. Two installs of Windows.

    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe

    Same file being called from two different folders.

    That just might be true in both cases.

    And you had best watch your remarks about us not knowing what we are talking about. Because we are only posting ideas and what we think might be the cause of a problem.

    And I have found an over top re-install done properly ( with the machine booted from Power off state to a DOS Floppy with CDROM support) to fix many a problem.

    I have files on this PC dated WAY BACK in 1996. Do you still wish to tell me I do not know what I am talking about ?

    Gotta get some sleep
    BillyBob
     
  21. 2007/12/19
    gintaly

    gintaly Inactive

    Joined:
    2007/12/19
    Messages:
    3
    Likes Received:
    0
    Couple of things. Not enough RAM, too many programs are loading at startup, check your system tray? Slow PC.
     
