Ugh Windows xp

pcscustom

Had to make that title an attention getter. heh, Anyway i know im not the only one expiriencing this problem. After xp gets to your desktop after starting up it will set for anywhere from 30secs to 2 mins virtually un usable and after it goes by it loads the rest of your startup programs and folding etc. Has anyone found a fix for this? I have heard sp2 cleared it up but when i installed a leak it fubared my baby so i reinstalled windows, I wasnt gonna leave any traces of it on here.

Trev

primesuspect

have you done a spyware scan?

Also:

Dump the contents of your C:\windows\prefetch folder.. Delete everything in there.

pcscustom

yea spyware scans are done every 3 days. Ill try the prefectch folder..

Trev

//Edit done but to no avail... Anything else? Tried google and did a few things none of which worked..

primesuspect

well, run hijackthis, and post the log here so we can see what's going on at startup.

Dexter

Are you on high speed without a router? Perhaps your ISP's DHCP server is slow to assign an IP address. What happens if you disable the local network connection and reboot it?

Dexter...

Tex

Mine hits the desktop and immediately loads all my startup apps and I have a dozen you can see in msconfig including all Nortons crap. And its takes less then 7 seconds. But I have had messed up installs after jacking around and replacing hardware and installing and uninstalling apps that gets really stretched out. May of been from registry errors or drive letter changes etc... I can be pretty brutal on my OS installs. A clean install or usually even a repair install seems to clean it up.

Tex

Tex

Dexter wrote:

Are you on high speed without a router? Perhaps your ISP's DHCP server is slow to assign an IP address. What happens if you disable the local network connection and reboot it?

Dexter...

That should of come before his login screen though. Or at least way before he see's the desktop.

Tex

pcscustom

Srry bout the response time on that one But here is the log.
Logfile of HijackThis v1.97.7
Scan saved at 8:41:24 AM, on 2/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\RivaTuner\RivaTuner.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Trevin\Local Settings\Temp\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner\RivaTuner.exe" /T
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Folding@home 4.00.lnk = C:\Program Files\Folding@Home\winFAH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37978.3674768519
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC3A4A86-BF98-4D48-9D75-090D6EDA1E4A}: NameServer = 151.164.23.201 151.164.1.8

DogSoldier

The line "C:\WINDOWS\System32\wuauclt.exe" concerns me. wuauclt.exe is the Windows ME AutoUpdate client, but you are running XP. Not saying it is a trojan or virus but you might want to read these pages: http://www.sophos.com/virusinfo/analyses/trojcultb.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

I'd get rid of the google toolbar.

I wouldn't allow Messenger, Aim, RealPlayer, WinMX or NeroCheck to run at startup. Unless you use them constantly, they'll load fine enough from the start/programs menu. Just my personal preference.

Same with OSA.EXE, this is your MS Office. This does not need to be run at startup. Office apps load fine and with no problems through start/programs. It all comes down to available resources, the less garbage you have loading at startup, the more available you have for applications, and of course, F@H.

DogSoldier

I'd be worried about the possibility of having an IRC trojan. Shut down all open programs. Open a DOS window and type "netstat -an|more" without the quotes, press enter.
If you see any connections "established" using port 6666, 6667 or 6668. (And you are not running an IRC client,) then you may have a trojan.

Dexter

You also have a daemon program running:

C:\Program Files\D-Tools\daemon.exe

If you did not install this on your own (ie, to make F@H run as a service) then I'd be very suspicious.

Dexter...

Thrax

DaemonTools is a program that allows mounting of CD images in virtual ROM devices.

Dexter

Right, I've used that..DOH.

I don't keep it running so I forgot the actual program name. Thx Thrax.

Dexter...

Dexter

I'm still thinking it is DHCP or network related.

Hmmm, a bit of research found this:

Click "Start", "Run", type in msconfig, hit enter, click on "services" tab and deselect the "Workstation" option. After reboot you will get a warning message indicating that you have changed settings - just select the "do not show this message again" box and carry on computin'. Your hangtime problem should be solved.

Try that and see what happens.

Dexter...

Geeky1

I've had this issue on all the WinXP machines I've used that are connected directly to a DSL modem, instead of going through a router. All of those machines have SBC Yahoo DSL.

pcscustom

Geeky your on to somethin.. I am using dsl connected threw ethernet...

Trev

//Edit forgot to add Sbc.. Not using that flakey sbc ie upgrade **** either.. Raspppoe...

Geeky1

Hmm. Well, I'll elaborate on what I've had to deal with, if it'll help. I have SBC Yahoo DSL, as does my grandfather. Between the two of us, we have 4 lines- he has one at work, one at home, and one at his second home; mine is in my room.

His computers are very similar, since I gave him a list of components and he had a local company build them. The specs on his 3 desktops are:

Antec SX-635 cases w/350w Antec PSUs
MSI KT266A motherboards (one of them has RAID, the other two do not)
AMD Athlon XP 1800/1900 Palomino CPUs
512MB (1x512MB) Samsung PC2100
64MB ABIT GeForce2MX400 AGP video
onboard sound
Netgear FA310TX or FA311 NICs
Intel 56k v.90 modems (which have since been removed from two of the computers)
Maxtor D740x 60GB HDDs
16x Sony DVDs
Iomega Zip100s
24/10/40 TDK CD-RWs (one has a 32/12/40)

The problem that pcscustom is describing has happened on all three systems.

It has also happened on my computers when they've been connected directly to the DSL modem, instead of going through the router.
It's done this on my dual 2500 system, my 2.4GHz P4 laptop, and my NF7-S system.

Running windowsupdate doesn't do anything, either. I have no idea what causes it, only that it drives me insane.

Dexter

Are you guys not seeing my posts?

Try disabling the network connection, or enter in in a static IP address temporarily, then unplug the network cable and reboot. See if your system still hangs. If so, it is a lag with your DHCP server, and the best way to avoid it is to use a router.

If the lag does not go away with that test, then disable the workstation service and try rebooting. Then let me know if those things help.

Dexter...

Spinner

I have problems like this all the time, but they're always temporary. It's almost always network related. To be sure though you could do the basic thing of clearing your startup list (in msconfig) and upon restart see if that cures it (if it does you'll know its one or more of your startup items causing the delay). Presuming it's not anything like that, the easy way to confirm it's a network problem is by simply taking it out of the equation. Un-plug your computer from the network and see how it boots. Also disable any firewall software you have installed, it could be interfering with the network setting detection process.

Just a few ideas.

Cheers

(EDIT: Like Dex' has been saying... he he )

Dexter

Any update on this problem?

Dexter...

pcscustom

No, i did however take off dsl and disable network.. Didnt take care of it tho.

Trev

Dexter

pcscustom wrote:

No, i did however take off dsl and disable network.. Didnt take care of it tho.

Did you try chagning to an internal static IP temporarily and then unplugging the network? Use 192.168.1.2.

And did you try the disable workstation fix I posted? I found that in a few places, so there may be something to it.

Dexter...

kanezfan

sorry to bring this back to life, but I just wanted to mention this. I had read this thread and while I was not experiencing anything like two minutes of delay, I thought i'd disable the workstation service to see if it would help. It didn't, and I just left it off. A few days later I go to print something to a printer that is installed on my wife's computer and is shared. It didn't print, said it couldn't find the printer. I got to my network places and can't see anything. I right click my computer, properties, try to switch my computer name thinking this has to do with the fact that i did a repair install of xp after switching mobos, that didn't help either. I tried searching google, didn't find anything useful. so I was thinking screw it I'll just re-install everything this weekend. as a last ditch effort (more like "oh yeah I should have looked there first") I look through event viewer. and there it is, "RPC couldn't start because it depends on the workstation service which couldn't start either" or something like that. that's when I remembered some genius here had given me that advice to stop the workstation service. I re-enabled it and now everything works again. Dexter I love you man!

and that is one from the annals of tech gone wrong.

Tex

More people get there *ss bit by disabling services then even know about it. They end up having something they can not even relate back to what they disabled a week before not working now and blame crappy XP and tell us how they had to "format" the whole disk again and reload. And how they hate XP.... when it is usually their mucking around with stuff they didn't understand the significance of in the first place trying to make their box .00004 percent fatser by disabling a service after reading some stupid guide to "turbo-charging" XP written by a nit-wit not qualified to fix his own box much less tell others how to fix theirs. You gotta love the internet.... Anyone can be an "expert" on the internet.

There are very few services you can realisticly disable and not end up shooting your self in the foot if you network and runa wide variety of apps. And even fewer that make a differance in real life.

At least Kanez knew how to fix his problems. Most go the stupid "I had to format the whole thing...." route out of ignornace. And blame it all on "Sorry XP"

Ok my rant is over ... sorry. And no Kanez not a single line was directed at you in any way or form buddy.

Tex

kanezfan

i understand believe me. I think way too often people jump to conclusions about software or hardware problems. I've told a few people to RMA hardware when all it needed was a new driver or bios upgrade. I think we all do that sometimes, jump the gun, but it's true that people blame windows too often. I see a lot of threads here and there where people re-install XP just because they changed vid cards or something. it's not windows 95 anymore, and at the very worst all that is needed is a repair install. I mentioned this in another thread here, but I went 1 year between XP re-installs and in that time I changed motherboards once (different chipsets) and video cards three times, going from Nvidia to ATI. I only had to do the repair install after the mobo change, and for the vid cards i just changed the drivers. And yes I still got 10 million fps in UT2003, so YOU DO NOT HAVE TO FORMAT C: BECAUSE YOU CHANGE VID CARDS!!! (or any other hardware most of the time)

profdlp

Forgive me if I step on some toes, but do you guys really disable services without checking out the impact of what you did?

I've been a big fan of Black Viper's guide since the day I found it. 90% of the changes did nothing but eliminate unecessary bloat, the other 10% (stuff I needed on that computer) were easily spotted and restored. All I did was print out a list of all of the services and mark changes with "M" for Manual or "D" for Disabled. Ten minutes of tweaking and I was done.

My advice would be that after disabling a service you should check email, Internet, print sharing, local network connections and sharing, plus try your favorite online game to be sure it connects and runs properly. 'Tain't that hard...

Tex

I commented on a thread recently where the guy was gonna change motherboards and I said do a repair install and one post said at times you would have to even write zeros to the disk surface even and then do a format to get it cleaned up.

I almost threw up.

tex

DogSoldier

prof, I'm an afficiando of that site too, among others. It's where I first learned about services, what you can disable and what you shouldn't. I have print outs of what's started, whats disabled etc.. just in case things go south. I've been optimizing my systems since 98 - ostensibly for gaming, later to improve Adobe applications performance. Now it's just habit to disable (what I consider) useless services, desktop eye candy and startup applications.

kanezfan

rofl, write zeros to the disk??? how do you even do that? is that another way of saying a low level format? tell him to also expose his ram to a highly charged magnetic field to make sure it's completely cleared too. omg that's so retarded, write zeros to the disk...

/me passes the barf bag to Tex

clearly a case of knowing just enough to be dangerous