-
July 2nd, 2006, 09:01 PM
#1
Very slow boot - Dell Optiplex GS270 XP Pro
Dell Optiplex GS270 P4 2.8 GHz 512 MB DDR (2 x 256)
Windows XP Pro SP2 all critical updates applied
eTrust EZ AV 7.1.6.0 kept up-to-date at all times
Internet via corporate LAN to Linux Router/Firewall ADSL
Firewall does stateful incoming packet inspection (established-related)
No change to basic setup for several years
This computer was new in June 2003 and has been on this LAN and ADSL and same Router/Firewall continuously.
In February, the original local hard drive failed (boot sector failure)
Drive replaced with new blank drive and WinXP Pro SP2 installed from Dell supplied CDs.
Since the old drive did not completely fail, we were able to retrieve most data by installing as a second drive and copying select files.
For the past month, the computer has been very slow to boot. The problem has gotten worse and actually failed to complete a few days ago. I put the hard drive in another WinXP Pro SP2 computer as the 2nd drive and ran ChkDsk (I initiated Defrag on this drive and was prompted to first run ChkDsk on reboot -- which I did.)
So, I have ChkDsk-ed and Defrag-ed the drive and reinstalled it in its computer (the subject GS270). Then I used the same Dell supplied WinXP Pro SP2 CD to do a "repair install" which was successful on the second attempt (some files would not copy on the first attempt, but did copy on the second attempt).
The computer now boots, but again very slowly. What happens is:
1) Dell BIOS splash screen (appears within seconds of power-on and its duration is normal -- we have lots of GS2__ computers and this acts normal to this point).
2) screen blanks (this is normal)
3) a horizontal array of blocks and spaces -- as though Alt-221 (I don't think that will show up here) Oh! It does show up.
▌▌▌▌▌▌▌▌▌▌▌▌
OK. Then after perhaps ten seconds, that line begins from the left to become solid. I know you've all seen this, except it usually doesn't last very long. Here it takes perhaps two minutes and has taken even longer.
Once that completes, the screen momentarily blanks, soon the Windows is starting picture appears, mouse pointer appears, then network login screen appears. Everything that happens after that line of boxes completes its journey from left to right seems to happen at normal speed. The computer is not at all sluggish in operation after boot.
I've read a bit here and at MSKB and it seems to me the problem may be during the NT Loader phase. But I can't prove that and wouldn't know what to do about it if I could prove it! :-)
I have followed the procedure outlined above (AdAware SE, SpyBot, ewido, two online scans (etrust and Panda) and then Hijack This).
Here is my Active Scan report first because it is small:
Incident Status Location
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Richard\Cookies\richard@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Richard\Cookies\richard@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Richard\Cookies\richard@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Richard\Cookies\richard@dist.belnk[2].txt
Now the Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 7:21:48 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\HJT\HijackThis.exe
O1 - Hosts: 224.0.0.1 RCD_SERVER
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141085871046
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
May I have some advice please?
Thanks in advance.
Chuck
-
July 2nd, 2006, 09:10 PM
#2
Followup:
I did LiveUpdate on the Symantec pcAnywhere because this computer is AWHost -- but the Firewall permits access to this pcAnywhere only from one specific IP. Whenever the dynamic IP at the remote changes, I have to change the permitted IP listing in the firewall script and restart the firewall.
Also, on the off chance pcAnywhere was the culprit, I have removed the automatic hosting at startup and rebooted several times to see if it made any difference -- it does not.
Chuck
-
July 3rd, 2006, 12:51 PM
#3
There's nothing malware-related here; you're clean. Download, install and run Cleanup! from Steven Gould, then:
1. Click Cleanup!
(wait for the program to finish scanning your system, and selecting files to be removed.)
2. Exit the program and reboot the computer, if necessary.
For more information about using Cleanup! see here.
Your slowness may be caused by your security-suite settings, or by eTrust not getting along with the Symantec application you have running. It could also be caused by a failing PSU, bad RAM or other things.
I'll move this thread to the Hardware forum where it will be seen by more people.
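An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser that groups the `O` entries of a HijackThis log by section and lists autostart targets written without a full path, which are resolved through the Windows search path and are worth confirming by hand. The section descriptions, function names and regular expressions are this example's own; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that occur in the log in post #1.
SECTIONS = {
    "O1": "Hosts file entry",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O12": "IE plugin",
    "O16": "ActiveX download (DPF)",
    "O20": "Winlogon Notify DLL",
    "O23": "Service",
}
ENTRY = re.compile(r"^(O\d+) - (.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx)', re.IGNORECASE)
BARE_FILE = re.compile(r"\b[\w!-]+\.(?:exe|dll|ocx)\b", re.IGNORECASE)

# Excerpt copied from the HijackThis log in post #1 (lines without elided URLs).
SAMPLE = r"""O1 - Hosts: 224.0.0.1 RCD_SERVER
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
"""

def parse(log_text):
    """Return {section code: [(target or None, has_full_path, raw detail), ...]}."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, detail = m.groups()
        hit = WIN_PATH.search(detail) or BARE_FILE.search(detail)
        target = hit.group(0) if hit else None
        grouped[code].append((target, bool(WIN_PATH.search(detail)), detail))
    return dict(grouped)

def relative_autostarts(grouped):
    """O4/O20/O23 targets that name a file but give no drive-qualified path."""
    return [t for code in ("O4", "O20", "O23")
            for t, full, _ in grouped.get(code, []) if t and not full]

if __name__ == "__main__":
    found = parse(SAMPLE)
    for code, items in found.items():
        print(code, SECTIONS.get(code, "other"), [t for t, _, _ in items])
    print("no full path:", relative_autostarts(found))
```

On this log the only such entry is the `NWTRAY` Run value; the running-process list in post #1 shows it loaded from `C:\WINDOWS\system32\NWTRAY.EXE`.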
-
July 3rd, 2006, 08:13 PM
#4
Thanks -- still having the problem; what about this?
When I replaced the hard drive in this computer, I bought a 160 GB drive -- probably because it was there (price was right, etc.). Not giving a lot of thought to things other than the owner asking me every 30 seconds if it was fixed yet and what about his 250,000 emails that he just couldn't live without -- I set the drive up as a single partition.
Also, I guess I was giving some thought to drive letter confusion that might result from having another partition.
Do you think perhaps the POST is spending a lot of time checking out the drive and that it might get better with a smaller C: partition?
A couple of ways I could do that if it would help.
-
July 4th, 2006, 10:29 PM
#5