Tech Support Guy banner
Cancel

Windows XP problem (as vague as this title)

1694 Views 19 Replies 4 Participants Last post by  MFDnNC
S
I wish I could define it better. This is my first post here, and usually I don't have much difficulty finding solutions to these kinds of problems, but this time the symptoms are so vague I don't even know where to start looking.

I'm having this problem on my laptop, (Toshiba Satellite, M35-S359, 1.4GHz Centrino, with Windows XP Home SP2) and it occurs on boot, every time. Any and every application I try to start after the computer boots takes 3-5 minutes to actually come up (while the HD is being accessed the entire time, according to the light), and then only after I use ctrl-alt-del to bring up task manager. Goes like this: reboot, everything appears to come up fine; I try to open any application, HD light comes up, flickering, as if the program is loading; HD light keeps flickering for a few minutes until it mostly subsides; I hit ctrl-alt-del and HD light flickers again for a few seconds; finally, task manager pops up simultaneously with every other application I tried to open during the last few minutes. Now, task manager may or may not be necessary to bring these applications up, it's just that once I found a routine that seemed to expedite their opening, I stuck with it. After all this happens, the computer is fine until the next reboot.

This may or may not be related: Often I don't reboot my laptop for long periods at a time, usually just putting it into hibernation until I open it back up again, so my first experience with a similar occurrance of this problem wasn't related to rebooting. And again, this might not be the same problem, but it might give an indication of something larger that could be wrong. On the main windows taskbar I have a custom taskbar linked to a folder in which I put shortcuts to my most used applications; a kind of personal start menu. In that folder I have another folder with specifically shortcuts to repair and maintence applications (regclean, adaware, spybot, etc). Sometimes when on that menu, everything will freeze for 2-3 minutes if I hover over that folder. Nothing can be opened until it finally opens up that specific folder in that custom toolbar menu. Once it does open, everything works fine and I don't have any more problems with that folder for that session. With this in mind, the only guess I've had about this whole thing is that the problem is somehow related to windows explorer.

I'm sorry it's so long and vague, but I'm at my wits' end. It's generally not a huge problem, because I so rarely have to turn the pc off, and even then it's only a matter of patience when it reboots, but it's still frustrating. If anyone has any suggestions of where I should start poking around, I'd really appreciate the help.

~k
See less See more
Save
Like
Status
Not open for further replies.
1 - 20 of 20 Posts
unbidden
In your post you mention Adaware and Spybot, so I assume you have updated and run scans for spyware. Have you run an up to date virus scan?

You also may want to take a look at what is in the StartUp folder (START - All Programs - StartUp) and remove those icons, or at least the ones you don't need starting at boot.
Also, what do you have running in the System Tray by the clock on the bottom right?
Save
Like
S
Thanks, Unbidden,

I use AVG which is up to date, and after your post I ran a complete check just to be on the safe side, which came up clean; the only things showing in the system tray are AVG and the Toshiba utilities for battery/power monitor and the CD drive acoustic silencer. I also removed everything from the startup folder (the only things there were Acrobat Assistant and RAMASST -- for a moment I thought it might be that last thing, since it seems to be specifically for DVD multi drives, which I don't have, but after removing those things, the problem is still the same.
Save
Like
S
quick update: in playing around with this problem just now, it did something I hadn't experienced before.

I went to put a shortcut to hijack this in the folder on my toolbar, so in windows explorer I went to c:\drink me\repair and clean. When I opened this folder, it displayed the pictures of about half the icons, then froze as if the pc was working, and behaved exactly as it does at start-up. I tried to open firefox but nothing came up until about two minutes later, when it and the folder finally came to the foreground. Since this folder is on my toolbar, is Windows checking it when it boots up? And if so, could this be what's causing it to freeze? And again, if so, why would this particular folder (which only has a few shortcuts in it) take so long to respond to just opening it?

here's a pic of my toolbar (didn't know if html is allowed), and it may look funny cause it's at the top of the screen:

http://users.marshall.edu/~cliffor1/toolbar.jpg

going to try a couple more things just to see what happens.

(edit for accuracy)
See less See more
Save
Like
J
Run a scandisk/checkdisk. It almost sounds like you might have a failing hard drive. A defrag may be in order too, but I'd run the scan first. Actually, I'd probably back up any important files first, just in case.
Save
Like
unbidden
To be on the safe side, run an online virus scan from one of the following as I'm not too thrilled by the protection that AVG offers:

Panda free scan

Trend Micro free scan

Could you put a snap shot of your 'Processes' from the Task Manager up on a web page just as you did with the 'drink me' toolbar shot?
Save
Like
S
yeah, here's the snap shot: http://users.marshall.edu/~cliffor1/processes.jpg

after putting that up, i realized i could also get a log from HijackThis if needed. I ran chkdsk /r, but it scheduled it at reboot and I wasn't around when it finally finished, so I don't know if there were any errors (I'm assuming that it would have paused to tell me if so, before continuing to boot). Also, I took all the custom toolbar menus off of the windows toolbar, just to see if it made a difference, but no dice there as well. I'm going to run both of those virus scans now and I'll post if they come up positive.

Thanks again for all the help unbidden and Jeckler
Save
Like
M
Then get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click unzip letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
Save
Like
S
ok, here's the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:26:30 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\risk\Apps\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://-jux-:82/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
See less See more
Save
Like
unbidden
Concerning your Proccesses; the one program that needs to be looked into is 00THotkey.exeTake a look here
Save
Like
unbidden
I think MFDnSC will be on to something with your log file. In particular
"TGTSoft Explorer Toolbar Change" could be a problem.
Save
Like
S
ahh, thanks. still running the Trend Scan atm but might that TGTSoft be StyleXP I think? I uninstalled it pretty quick after seeing what it was about, but may not have removed everything.
Save
Like
S
finally returning to the problem...

the Panda scan turned up a virus, but didn't give me the option of removing it and pointed toward a site which seemed to misidentify what it might be (the removal page contradicted what the scan itself said). so I eventually downloaded the Kaspersky free trial and a scan with it didn't find anything. (somewhat unrelated, what is the best anti-virus software around? Everything I found seemed to rate Kaspersky and NOD32 the highest.)

the more I think about it, the more I think this problem may very well be related to that "TGTSoft Explorer Toolbar Change"; when i get the chance, I'll look into what I can do to reverse that.
Save
Like
M
Nothing terrible in that log

Do you recognize this

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://-jux-:82/

Run HJT scan only - Mark the following entry, close IE and then click fix checked

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
· Click on scanner
· Put a check by the following before you scan:
o Binder
o Crypter
o Archives
· Click the Start Scan button to start the scan.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your desktop
Post that log
See less See more
Save
Like
S
thanks for going through the log MFDnSC.

that IE start page is another machine on the network. I ran HijackThis again and removed the line for TGTSoft. I ran the Ewido scan and it didn't find anything; here's the log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:41:55 PM, 6/29/2005
+ Report-Checksum: 51D66C6E

+ Date of database: 6/29/2005
+ Version of scan engine: v3.0

+ Duration: 62 min
+ Scanned Files: 103548
+ Speed: 27.52 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
No infected files found!


::Report End

it's been behaving slightly differently though since I installed the Kaspersky AV; when the system starts up, Kaspersky loads and starts running. If I try to open something up then, it opens up slowly, just like if I were trying to open it during a AV scan -- but it actually opens. However, if i stop Kaspersky, or exit it, it then behaves like usual -- no activity for 2 minutes or so, then everything pops up at once.
See less See more
Save
Like
M
You must now have both Kapersky and AVG, that will cause problems - one of them has to go.
Save
Like
S
yeah, AVG already went.
Save
Like
M
So how are things now?
Save
Like
S
well I just got done rebooting it several times and it's still the same. With msconfig it looked like that tgtsoft had modified the boot.ini, so I switched back to the original, but still no change. Is there any way to create a boot log? and where would it save to?
Save
Like
M
Please explain again what the issue is, the original is not real clear
Save
Like
1 - 20 of 20 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top