Start up problems xp

Status
Not open for further replies.

Igorica

New Member
Thread author
Apr 8, 2012
36
Hi guys! I need some help, and I hope that I am in the right place. I am a dummy for problems like this one.

My laptop is having difficulties when starting up. It becomes very slow after I choose the user, and "loading your personal settings" lasts about a minute. After that it shows the desktop picture without the start menu and other icons, and after about 30 seconds to one minute the icons and start menu appear. I did a quick scan with Malwarebytes Anti-Malware and everything is OK there. Antivirus protection is Avira. Also, I notice that I need more time when I want to open "add/remove programs". What could this be?
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Has your computer always been like this or did it suddenly become really slow? You may also have a lot of startup items. What is your processor speed and how much RAM do you have?

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Change Standard Registry to All
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

Igorica

New Member
Thread author
Apr 8, 2012
36
Fiery said:
Hi,

Has your computer always been like this or did it suddenly become really slow? You may also have a lot of startup items. What is your processor speed and how much RAM do you have?

Hi! It hasn't always been like this. In April of 2012 I got a virus, "windows process accelerator", and removed it with the help of some guys here, but some time after that I noticed that it became a little slow, and now it becomes slower when starting up. I don't know if that has any connection with this, probably not, but I am not sure. The processor is a dual-core TK-57, 1.89 GHz, with 1.87 GB of RAM.

It only showed one notepad, I cannot see that minimized. :/
 

Attachments

  • OTL.Txt
    124.9 KB · Views: 121

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

I'm moving this thread to the Malware Removal Forum. Please perform the steps below in the order presented.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
PRC - E:\Documents and Settings\All Users\Application Data\Premium\WxDFast\WxDFast.exe ()
PRC - E:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro1\OptimizerPro1.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0918A1-9F36-4FAD-96E8-8B6772C89D37}: NameServer = 10.10.150.23 80.71.144.1
[2013.01.29 02:31:02 | 000,000,314 | ---- | M] () -- E:\WINDOWS\tasks\BMYXYVGX.job
[2012.11.03 23:31:28 | 000,094,208 | RHS- | C] () -- E:\WINDOWS\System32\125204375.dll
[2009.08.28 16:55:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\0399
[2009.06.21 21:29:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\101BF
[2009.07.31 10:15:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\116D
[2009.06.17 21:32:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\131C
[2009.09.09 12:10:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\13232
[2009.04.21 12:59:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\15232
[2009.09.07 12:36:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\18148
[2009.08.18 18:02:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\19251
[2009.04.19 16:11:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\19DA
[2009.06.12 15:15:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1A29F
[2009.06.05 22:45:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1B1D4
[2009.09.05 15:08:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1C2BF
[2009.09.10 21:02:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1F1D4
[2009.04.24 14:53:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\24109
[2009.09.04 21:33:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2C6D
[2009.08.30 11:46:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2D157
[2009.06.02 16:27:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2D271
[2009.04.19 04:53:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2E1C5
[2009.06.22 11:56:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2E5D
[2009.05.01 16:27:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2F1E4
[2009.05.14 15:28:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\302AF
[2009.09.06 04:32:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\331A5
[2009.06.13 11:30:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\36148
[2009.04.25 12:17:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\361A5
[2009.07.03 23:50:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3636B
[2009.05.07 03:06:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\37DA
[2009.04.28 18:18:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\392AF
[2009.06.24 16:45:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3B36B
[2009.08.20 17:05:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\61A5
[2009.06.14 13:26:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\72EE
[2009.06.19 11:16:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\A33C
[2009.04.28 18:06:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\C38A
[2009.05.07 00:43:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\D6D
[2012.09.29 23:58:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Premium
[2012.12.15 21:12:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\korisnik\Application Data\Incredibar.com

:Files
E:\Documents and Settings\All Users\Application Data\Premium
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 

Igorica

New Member
Thread author
Apr 8, 2012
36
Fiery said:
Hi,

I'm moving this thread to the Malware Removal Forum. Please perform the steps below in the order presented.

Open OTL. Under custom scan/fixes, copy and paste the following:

I could not do it. When I opened OTL and pasted that text in it, it responded that it couldn't do it and my antivirus protection warned me that a virus is detected, and after that I couldn't do anything more, so after a couple of minutes I turned off my laptop. Should I try again?

And by the way I think that I found that minimized log if that is important at all.
 

Attachments

  • Extras.Txt
    36.9 KB · Views: 98

Fiery

Level 1
Jan 11, 2011
2,007
Disable all your antivirus and security applications first, then try this new OTL fix. Also, try the fix in safe mode.

Open OTL. Under custom scan/fixes, copy and paste the following:

:processes
KILLALLPROCESSES

:OTL
PRC - E:\Documents and Settings\All Users\Application Data\Premium\WxDFast\WxDFast.exe ()
PRC - E:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro1\OptimizerPro1.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0918A1-9F36-4FAD-96E8-8B6772C89D37}: NameServer = 10.10.150.23 80.71.144.1
[2013.01.29 02:31:02 | 000,000,314 | ---- | M] () -- E:\WINDOWS\tasks\BMYXYVGX.job
[2012.11.03 23:31:28 | 000,094,208 | RHS- | C] () -- E:\WINDOWS\System32\125204375.dll
[2009.08.28 16:55:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\0399
[2009.06.21 21:29:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\101BF
[2009.07.31 10:15:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\116D
[2009.06.17 21:32:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\131C
[2009.09.09 12:10:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\13232
[2009.04.21 12:59:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\15232
[2009.09.07 12:36:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\18148
[2009.08.18 18:02:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\19251
[2009.04.19 16:11:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\19DA
[2009.06.12 15:15:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1A29F
[2009.06.05 22:45:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1B1D4
[2009.09.05 15:08:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1C2BF
[2009.09.10 21:02:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1F1D4
[2009.04.24 14:53:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\24109
[2009.09.04 21:33:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2C6D
[2009.08.30 11:46:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2D157
[2009.06.02 16:27:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2D271
[2009.04.19 04:53:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2E1C5
[2009.06.22 11:56:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2E5D
[2009.05.01 16:27:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2F1E4
[2009.05.14 15:28:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\302AF
[2009.09.06 04:32:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\331A5
[2009.06.13 11:30:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\36148
[2009.04.25 12:17:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\361A5
[2009.07.03 23:50:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3636B
[2009.05.07 03:06:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\37DA
[2009.04.28 18:18:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\392AF
[2009.06.24 16:45:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3B36B
[2009.08.20 17:05:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\61A5
[2009.06.14 13:26:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\72EE
[2009.06.19 11:16:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\A33C
[2009.04.28 18:06:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\C38A
[2009.05.07 00:43:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\D6D
[2012.09.29 23:58:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Premium
[2012.12.15 21:12:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\korisnik\Application Data\Incredibar.com

:Files
E:\Documents and Settings\All Users\Application Data\Premium
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
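A reader-side parser for the fix script above, as an added example that is not part of the thread and not code from OTL: it splits the script into its sections and entry types so the items it touches can be reviewed before clicking Run Fix. The field meanings (a four-character attribute column, with D marking a directory) are assumptions inferred from the lines posted here, and the sample is a constructed excerpt of that script.

```python
import re
from collections import Counter

# Constructed excerpt of the fix script posted in the thread.
SAMPLE_FIX = r"""
:processes
KILLALLPROCESSES
:OTL
PRC - E:\Documents and Settings\All Users\Application Data\Premium\WxDFast\WxDFast.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0918A1-9F36-4FAD-96E8-8B6772C89D37}: NameServer = 10.10.150.23 80.71.144.1
[2013.01.29 02:31:02 | 000,000,314 | ---- | M] () -- E:\WINDOWS\tasks\BMYXYVGX.job
[2012.11.03 23:31:28 | 000,094,208 | RHS- | C] () -- E:\WINDOWS\System32\125204375.dll
[2009.08.28 16:55:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\0399
:Files
E:\Documents and Settings\All Users\Application Data\Premium
ipconfig /flushdns /c
:Commands
[EMPTYTEMP]
[RESETHOSTS]
"""

# Assumed layout of a file/folder entry: [timestamp | size | attrs | M or C] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[MC])\](?: \(.*?\))? -- (?P<path>.+)$")
# Tagged entries as they appear in the thread: "PRC - ..." and "O17 - ..."
TAGGED_RE = re.compile(r"^(?P<tag>PRC|O\d+) - (?P<rest>.+)$")

def classify(line):
    """Turn one script line into a small dict describing what it refers to."""
    m = FILE_RE.match(line)
    if m:
        return {"type": "dir" if "D" in m["attrs"] else "file",  # D = directory (assumption)
                "path": m["path"], "attrs": m["attrs"],
                "size": int(m["size"].replace(",", ""))}
    m = TAGGED_RE.match(line)
    if m:
        return {"type": m["tag"], "detail": m["rest"]}
    if line.startswith("[") and line.endswith("]"):
        return {"type": "command", "name": line[1:-1]}
    return {"type": "raw", "text": line}  # plain paths, shell commands, keywords

def parse_fix(text):
    """Return {section name: [entry, ...]} in script order."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is None:
            raise ValueError("entry before first section header: " + line)
        else:
            sections[current].append(classify(line))
    return sections

def summarize(sections):
    """Count entries per (section, type) for a quick review of the script."""
    return Counter((name, e["type"]) for name, es in sections.items() for e in es)
```
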
 

Igorica

New Member
Thread author
Apr 8, 2012
36
I turned off Avira protection and ran OTL and got the attached.

Should I turn off Avira protection when I run next steps?

I have some problems with attaching the log now

Don't know what is the problem... :/
 

Igorica

New Member
Thread author
Apr 8, 2012
36
one more log

I got the log from the OTL running but can't post it here. Should I try again to run OTL?
 

Attachments

  • RKreport[1]_S_01292013_02d1916.txt
    3.9 KB · Views: 108

Fiery

Level 1
Jan 11, 2011
2,007
Almost done,

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)




Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 

Igorica

New Member
Thread author
Apr 8, 2012
36
I downloaded Malwarebytes Anti-Rootkit and ran mbar.exe. I didn't see "Create Restore Point" anywhere and I didn't have to use "Cleanup" because nothing was found. And also it didn't reboot. So I didn't do another scan (Did I have to?). Also, I didn't get any logs from those actions.
 

Fiery

Level 1
Jan 11, 2011
2,007
That means MBAR didn't find anything. Not quite done yet,

  1. Download aswmbr.exe from the below link:
    aswMBR DOWNLOAD LINK (This link will automatically download aswMBR on your computer)
  2. Double click the aswMBR.exe to run it.
  3. Click the [Scan] button to start scan
    avast-mbr-1.png
  4. On completion of the scan click [Save log], save it to your desktop and post in your next reply.
    avast-mbr-2.png



Download List Parts 32bit. Double click on the Listpart icon and click scan. A log will be generated, post it in your next reply.
 

Igorica

New Member
Thread author
Apr 8, 2012
36
Here we go...
 

Attachments

  • aswMBR.txt
    991 bytes · Views: 101
  • Result.txt
    1.6 KB · Views: 97

Fiery

Level 1
Jan 11, 2011
2,007
Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Sorry I haven't replied yet, I have been sick (vomiting and fever for the past day). My colleague Kuttus will be working on your case :)

Fiery
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi,

The above logs seem good... How's the computer working now?

STEP 1: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
    [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
    [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

Add to your next reply, any log that HitmanPro might generate.
 