# Solved: How can I tell what is making my computer so slow?



## shopgurl (Nov 27, 2008)

I have a Gateway desktop w/ Intel Pentium 4 CPU 1.80GHz, 384 MB of RAM, Windows XP Home Ed., Ver 2002. I know that's really slow and old, but it's been so much faster in the past than it is now. I mostly use it for accessing the internet. I don't download a lot (at least not purposely!) No digital photos, music etc. Very minimal documents, mostly word and the occasional excel or power point from work. It is slow not just at start, but when opening any new site or page or clicking around. I recently added a magic jack internet phone, but it was slow long before that.

My ex-boyfriend is in IT & used to help me with this stuff, but he's MIA, so I'm trying to learn to do this myself. I researched free downloads at sites like PC magazine. I was laid off a few months ago, so I'm really trying to do this as inexpensively as possible. (Although I am not opposed to doing something like buying more RAM -if that's even possible and might help, but I'm trying to stick with free software.) I ran ccleaner yesterday, and it seems a little faster, but not enough. I tried defragging it using the system tools/disk clean-up on my computer. I've used purchased security programs before, but all or most of them are no longer in use, because I have not spent the money to renew the license.

But I'm shooting in the dark, which leads to my main question. Is there a way to diagnose exactly what's slowing my computer down so much? If I can figure that out, I may have follow-up questions, but at least I'll know what I'm trying to do. Right now I don't even know what program I should look for next; registry cleaner? anti-virus? anti-spyware? overall security? anti-spam? malware removal?

Thanks in advance for any help you can provide.


----------



## ACA529 (Nov 16, 2005)

Try opening the task manager and click on the "Processes" tab. Then click "CPU" and scroll to the bottom and tell me which process is using up most of the CPU.


----------



## shopgurl (Nov 27, 2008)

Sorry I couldn't get back to you yesterday. I managed to get a few minutes away from the Thanksgiving festivities, but just long enough to find task manager and copy down some of the processes that seem to be using the most memory...I hope that is the same thing you were asking.

*PROGRAM / MEMORY / USER / CPU*

iexplore.exe 57832K Owner 0
acroRd32.exe 16092K Owner 0
iexplore.exe 19200K Owner 0 
taskmgr.exe 22524K Owner 0-17
magicJack.exe 14900 Owner 0 
helpsvc.exe 11468 System 0-2

I tried to do the info above in a chart, but I see that once it's posted, all the info runs together. Sorry about that, hopefully it's still clear. Those are the processes using over 10,000K in memory. Under CPU, most of them said zero, and the few with a number fluctuated a lot. So I looked at the larger numbers for memory. At the bottom it says 39 processes and CPU usage fluctuated between 2-10%. I tried in vain to copy the whole list but could not figure out a way to do it, so I hope that is the right info.

Thanks!


----------



## ACA529 (Nov 16, 2005)

Please read this thread for instructions on installing Hijackthis: http://forums.techguy.org/malware-removal-hijackthis-logs/622404-please-read-here-first-before.html


----------



## shopgurl (Nov 27, 2008)

Thanks, I will read instructions and then install HiJackThis. In the meantime, I do have a question. 

I really want to understand how this works so I know how to do it in the future. Since you're now referring me to a malware program (I think), does that mean there is nothing unusual in the above, in terms of CPU/memory usage for the processes in task manager? What were we looking for -that is, what CPU or memory usage is large enough to consider as possibly contributing to the problem?

Thanks very much for your help!


----------



## ACA529 (Nov 16, 2005)

The CPU and memory usage looks OK if those are the programs that are using the largest amounts. 

You have very little RAM in your computer. I recommend getting more RAM. Most new computers now come with at least 1GB. 

Are you by any chance running two anti virus programs at the same time? 

I recommended downloading Hijackthis so that a security expert can take a look at your log to make sure that your computer is malware-free.


----------



## shopgurl (Nov 27, 2008)

When I read your recommendation on RAM, I remembered...about 2 years ago I had a guy (Rob) work on my computer and he added 256 MB of RAM (to the original 384MB.) I'm not sure if that was reflected anywhere in the info I sent you. I realize that's still very little RAM, but I wanted to make sure you knew in case it makes a difference. I would like to get more RAM. How can I tell if I can add more RAM? I'm guessing I can't just keep adding it indefinitely to my little, old computer. If I can add RAM, what do you recommend?

I probably am running several antivirus programs, but they are out of date. I had Norton Internet Security in 2004, but never renewed it. The guy who added more RAM (Rob) loaded some programs (in 2006): I think Adaware 6, Avast, Spybot, and Webroot/Spy Sweeper, but I don't think they are still current. One of them (Spysweeper) still runs a scan every Sunday night, but will not fix anything without my paying to buy a new version. Also I installed Panicware Pop-up Stopper shortly before all the other programs were installed in '06, because I had a major problem with pop-ups. Pop-up stopper didn't help as I recall, but after Rob was done working on my computer, and loaded those programs, it was working great and running fast.

The programs listed are all the ones shown when I hit the start button and all programs. Most of them have an "uninstall" option. Do you think I should uninstall some of them?

Thanks!


----------



## tikkyisrad (Nov 28, 2008)

While your ram is really your biggest problem, you're going to see a significant increase of speed when you get up to 1 gb, but most programs these days are becoming more and more memory hogs, so more than 1 gb is your best bet. Unfortunately, ram is pretty expensive. It's easier to buy it online from newegg, tiger direct, and your best bet of buying it is from crucial. Crucial will find absolutely guaranteed compatible ram.


----------



## shopgurl (Nov 27, 2008)

I thought it might be easier to break this up and give the HiJackThis info in a separate email. Here is the log. Your last email mentioned having a security expert look at my log. Are you a security expert, or do I need to post this somewhere else and find someone else to review it? I just wasn't sure. Thanks very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:10 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\MI1933~1\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneycentral.msn.com/community/message/board.asp?board=SmartSpending
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &^ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140e71b53f05/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://70.224.114.166/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C248F7CA-CD4D-4676-A2C6-E84570B17922}: NameServer = 216.144.192.250 166.90.244.194
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9843 bytes


----------



## tikkyisrad (Nov 28, 2008)

shopgurl said:


> When I read your recommendation on RAM, I remembered...about 2 years ago I had a guy (Rob) work on my computer and he added 256 MB of RAM (to the original 384MB.) I'm not sure if that was reflected anywhere in the info I sent you. I realize that's still very little RAM, but I wanted to make sure you knew in case it makes a difference. I would like to get more RAM. How can I tell if I can add more RAM? I'm guessing I can't just keep adding it indefinitely to my little, old computer. If I can add RAM, what do you recommend?
> 
> I probably am running several antivirus programs, but they are out of date. I had Norton Internet Security in 2004, but never renewed it. The guy who added more RAM (Rob) loaded some programs (in 2006): I think Adaware 6, Avast, Spybot, and Webroot/Spy Sweeper, but I don't think they are still current. One of them (Spysweeper) still runs a scan every Sunday night, but will not fix anything without my paying to buy a new version. Also I installed Panicware Pop-up Stopper shortly before all the other programs were installed in '06, because I had a major problem with pop-ups. Pop-up stopper didn't help as I recall, but after Rob was done working on my computer, and loaded those programs, it was working great and running fast.
> 
> ...


As far as your questions on the ram, see my last post. 

For programs. Unfortunately, uninstall is going to be somewhat useless. The bad things about these antivirus softwares are they find ways to stay on your computer even after you hit uninstall.

To get rid of Norton (one of the worst programs on the face of the earth) you will have to learn to get into the registry.
Dave Taylor has a step by step guide, which I used and had good results with. http://www.askdavetaylor.com/how_to_fully_remove_norton_from_pc.html

Try to get rid of spysweeper, because this also sounds like a waste of space.

Panic Pop Up Blocker sounds like a slight scam to me. And your best bet is to try AVG, which will come with a pop up blocker.

Which leads to my other point. You're going to want a program that has it all in one foul swoop. AVG, a free antivirus, is a decent antivirus.

If you have more questions, feel free to ask!


----------



## shopgurl (Nov 27, 2008)

tikkyisrad and ACA529,

Thanks for the info on RAM. I checked out newegg and it looks like there are options in the $30 - $100 range for RAM which is ok. It looked like they carry the Crucial brand. I went on the crucial site, and filled out the info on my system. I found some of my notes that my computer originally had only 128MB, so when 256MB was added, that got me up to 384MB. Crucial says I have 2 slots and I'm guessing the 256 used up one of them, and they said I can have a max of 2048MB (or 2GB.) Crucial's site also has a scanner which says it will get info on my system to guarantee the RAM I buy is compatible. Do you recommend I download the scanner? 

Thanks.


----------



## tikkyisrad (Nov 28, 2008)

shopgurl said:


> tikkyisrad and ACA529,
> 
> Thanks for the info on RAM. I checked out newegg and it looks like there are options in the $30 - $100 range for RAM which is ok. It looked like they carry the Crucial brand. I went on the crucial site, and filled out the info on my system. I found some of my notes that my computer originally had only 128MB, so when 256MB was added, that got me up to 384MB. Crucial says I have 2 slots and I'm guessing the 256 used up one of them, and they said I can have a max of 2048MB (or 2GB.) Crucial's site also has a scanner which says it will get info on my system to guarantee the RAM I buy is compatible. Do you recommend I download the scanner?
> 
> Thanks.


Crucial's scanner is a-ok to use. It didn't take too long for me, and got me exactly what I needed.

If you buy from crucial you will most likely get the better price, although newegg will probably have some on sale if you watch them, which will be better than crucial's base price. Don't fall for computer stores' (like best buy, office max etc) prices, and for sure don't pay them to install the ram for you. It's so amazingly easy. Crucial will even give you directions if you'd want them.


----------



## Rich-M (May 3, 2006)

You need to uninstall Norton and Spysweeper. Also Registry Booster...I know they advertise it here but it is crap and is destructive of your system.
You also need to go "Run,msconfig,ok,startup" and uncheck all the following then hit apply and reboot:
Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 
Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe"
.\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
.\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User \Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe 
You also are running without any antivirus or antispyware so I agree you need to download and run Avg 8.0 Free and update and scan with it, then www.superantispyware.com and do the same thing...


----------



## atnskyline (Aug 7, 2008)

i recommend a new processor and more ram. get at least 2 ghz cpu dual core and 2 gb ram, you may need a new mother board too, i think its more pc components rather harddrive contents


----------



## dvk01 (Dec 14, 2002)

Having 2 or more antiviruses will cause a tremendous slow down
Uninstall them

and ONLY leave 1 antivirus
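
An added example, not part of the original thread or written by any poster: one way to read the overlap out of a HijackThis log by grouping running processes and autostart entries (O4 Run keys, O23 services) per security product. The `PRODUCTS` path keywords and the "antivirus"/"antispyware" labels are assumptions built from the paths in the log posted above; the sample is an excerpt of that log with wrapped lines rejoined.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (wrapped lines rejoined).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

# Assumption: product name -> (kind, lowercase path fragments that identify it).
PRODUCTS = {
    "Norton AntiVirus / Symantec": ("antivirus", ("\\norton antivirus\\", "\\symantec")),
    "avast!": ("antivirus", ("\\alwil software\\avast",)),
    "Webroot Spy Sweeper": ("antispyware", ("\\webroot\\spy sweeper\\",)),
}

# HijackThis sections that start software automatically: O4 = Run keys, O23 = services.
AUTOSTART_CODES = {"O4", "O23"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")               # e.g. "C:\WINNT\..."


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first R/O entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def product_for(text):
    """Return the product whose path fragment appears in the text, or None."""
    low = text.lower()
    for name, (_kind, needles) in PRODUCTS.items():
        if any(needle in low for needle in needles):
            return name
    return None


def summarize(text):
    """Group processes and autostart entries per product; also list orphaned entries."""
    processes, entries = parse_log(text)
    summary = {name: {"kind": kind, "running": [], "autostart": []}
               for name, (kind, _needles) in PRODUCTS.items()}
    for path in processes:
        name = product_for(path)
        if name:
            summary[name]["running"].append(path.rsplit("\\", 1)[-1])
    for code, body in entries:
        name = product_for(body)
        if name and code in AUTOSTART_CODES:
            summary[name]["autostart"].append(code)
    # Entries whose target file is gone are leftovers from incomplete uninstalls.
    orphans = [(code, body) for code, body in entries
               if body.endswith(("(no file)", "(file missing)"))]
    return summary, orphans


def antivirus_present(summary):
    """Antivirus products that still have a running process or an autostart entry."""
    return [name for name, info in summary.items()
            if info["kind"] == "antivirus" and (info["running"] or info["autostart"])]


if __name__ == "__main__":
    summary, orphans = summarize(SAMPLE_LOG)
    for name, info in summary.items():
        print(f"{name} ({info['kind']}): running={info['running']} autostart={info['autostart']}")
    found = antivirus_present(summary)
    if len(found) > 1:
        print("More than one antivirus product is still active:", ", ".join(found))
    print("Orphaned entries:", [code for code, _ in orphans])
```
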


----------



## atnskyline (Aug 7, 2008)

i know that's true-most of the time, but certain products will in fact work better together. i have mcafee disabled and am getting rid of it when it expires-that slows down my pc.

threat fire also works well with other antivirus apps


----------



## Kenny94 (Dec 16, 2004)

atnskyline said:


> i know that's true-most of the time, but certain products will in fact work better together. i have mcafee disabled and am getting rid of it when it expires-that slows down my pc.
> 
> *threat fire also works well with other antivirus apps*


ThreatFire claims it's compatible with other antivirus programs. But I feel the same way as this post at: http://www.helpwithpcs.com/tech-support-forum/viewtopic.php?t=2994

The bottom line is, Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. They conflict with each other (period)

There are basically two types of these programs:
*On-Access* and *On-Demand*

*On-Access Scanners*
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

*On-Demand Scanners*
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.


----------



## atnskyline (Aug 7, 2008)

i have the two best free antivirus programs. avast and avira, i have avira on access disable. i also have comodo. my comodo and avast work fine, both on access.


----------



## shopgurl (Nov 27, 2008)

This question is primarily for ACA529 or Rich M, or dvk01.

ACA529 was very kind in answering my post initially, and my first few follow-up questions. The last post I received from ACA529 suggested running HiJackThis and having my log reviewed by a security expert. I did that and posted the log on 11-28.

How do I get a security expert to review it? Rich M's post 11-28 sounds like he may be a security expert & seems to be referencing things from the log, but I'm not sure. Should I go ahead & follow the suggestions in Rich M's post, or is there another forum I should post the log in to have a security expert look at it? Or is there another way to contact a security expert? Is a security expert anyone who feels they have that expertise, or do certain people here in the forums have that designation? Rich M, I don't mean to sound like I'm doubting your advice. I know so little about this, and it seems like (from reading all responses to my original question) there is no one definitive answer - there are several conflicting opinions, so I can't follow everyone's advice. I'm just trying to figure out what to do next and to do that, I'm trying to figure out if your post is the next logical step in the directions I received from ACA529 initially.

dvk01, I am also looking for your input, since you posted suggestions on 11-29 & I see you're a moderator. I'd appreciate your advice on how to proceed with the HiJackThis log. Also, can you tell me which spyware I should uninstall & which to keep? Or should I uninstall them all and then install one of the ones recommended here? I'd like to utilize a free one if possible -what do you recommend?

Thank you very much.

Shopgurl


----------



## ACA529 (Nov 16, 2005)

The security expert would be dvk01.

http://forums.techguy.org/6301241-post15.html


----------



## Rich-M (May 3, 2006)

Agreed the gold shield is dvk01.
My suggestions for startup removal have nothing whatsoever to do with security, those are to speed up your pc and I do that every day of the week in the field before I even do anything else to a client pc, is to free up startup so the pc will run right and not waste so much of my time.


----------



## dvk01 (Dec 14, 2002)

The most important thing is remove one of the antiviruses

I can't tell you which one to keep, that is up to you 

That will stop 99% of the problems


----------



## rattlesnake18 (Jan 1, 1970)

dvk01 is right, by running two programs that are doing the same thing will just cripple your system. 

try updating your virus programs and running only one anti-virus program (i don't know how long it will take you based on what you said about your pc's performance) and see if it picks up anything. next, if you can, update and run your spyware programs one at a time. next, check to see if you have any updates for your Windows XP. and finally, download CCleaner which helps remove junk files and checks your registries to see if there are any errors. since your system has low RAM you should consider upgrading if you can but at this point just focus on updating all your anti-virus programs and spyware programs and running them one at a time to see if you can find what is slowing your pc down.


----------



## dand22 (Dec 4, 2008)

Uninstall Norton. 
Then uninstall all the other stuff these guys have talked about. 
Install AVG or some other free anti virus and then check the speed of your system. 
If you're OK then, you do not need RAM. 
If you're still slow then look to upgrade RAM. 

The reason you need to do them in this order is because, you might go out and buy more RAM and still run really slow because of stuff installed that you don't need. 


You might want to make a back up of your data before you run this. 

Also run a complete check disk. You might have a small disk problem and a complete check disk may solve the problem. 
Right click on C:
Go to properties. 
Go to Tools
Under Error checking click Check now. 
Check mark both boxes and click OK until all the windows disappear and then restart. 
Your computer will be down for 45 minutes or so running through 5 stages of a check disk. 


Dan


----------



## atnskyline (Aug 7, 2008)

on my pc i have comodo CIS with the antivirus on access enabled, avast home with on access enabled, avira on access disabled and mcafee-totally disabled, i hate it and getting rid of it when it expires. my pc runs very fast still.


----------



## dand22 (Dec 4, 2008)

Keep in mind she has memory issues. If she uninstalls some of these programs she might not have to upgrade memory and therefore she can save money.

Let's say you have 2 gig built in on your system or whatever. You boot and your PF usage is under 2 gig. Then you don't have a problem.

If she is running 560 and her PF usage is over 560 then she will gain ground by uninstalling.

Also none of that has anything to do with the check disk. If her hard drive is having an issue, you can do all of the rest of it and it will still run slow.

Here is a link to the Avast site. 
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1

Dan


----------



## atnskyline (Aug 7, 2008)

i know many people say not to use a registry cleaner, but it speeds up the pc and never has it failed for me, always 200% good. do a system checkpoint, and run comodo registry cleaner-free, auslogics disk defrag-speeds up your pc~25%. and auslogics registry defrag. all are free and i guarantee you they will not fail. run disk cleaner then reg cleaner, reg defrag, then disk defrag.

i heard that you said you HAD security apps and no longer have them. you most likely have spyware slowing things down. get superantispyware free and run it. and also after you uninstall an app delete its folder from the My programs file in my computer.


----------



## Rich-M (May 3, 2006)

atnskyline said:


> i know many people say not to use a registry cleaner, but it speeds up the pc and never has it failed for me, always 200% good. do a system checkpoint, and run comodo registry cleaner-free, auslogics disk defrag-speeds up your pc~25%. and auslogics registry defrag. all are free and i guarantee you they will not fail. run disk cleaner then reg cleaner, reg defrag, then disk defrag.
> 
> i heard that you said you HAD security apps and no longer have them. you most likely have spyware slowing things down. get superantispyware free and run it. and also after you uninstall an app delete its folder from the My programs file in my computer.


Something you have to remember here. You say you are an intermediate to advanced user.
You are writing for mostly "newbies" here because they are the ones reading these threads and going out and "crushing" their systems seeking the ever elusive "optimization" or "o" word that causes so many "newbs" to "crash and burn" their versions of Windows. 
There is a thread I am in right now about a user who has 5 reg cleaners running in his system and he can't open a program or install anything to fix it and this is an every day occurrence. Experienced users will read your reg cleaner advice and just go "oh another one who hasn't a clue what he is talking about".

Suggesting that because you have never "warped" your pc using reg cleaners goes against the vast majority of advice and experience on use of reg cleaners, on this or any other forum I have ever been on. You are then as a more experienced user advising "newbies" to use these and this is how these problems get started because they take your word for gospel because use of reg cleaners appeals to their sense of logic. Then you are "guaranteeing" they will have no issues besides? Does this mean you will fly anywhere and help reformat any computer "farkled" by a reg cleaner? If it does plan your next several months away from home because I have use of your free service in my business as I am tired of doing the same thing over and over again and I really hate reformatting or as I call it "wipe and load" over and over again.

Once again you will not do anything positive to your system using a reg cleaner because there is nothing to clean and no optimization to be gained. If you want to use one to identify specific entries in a registry left after an uninstall of most programs, and then remove a few go ahead. I have done that out of paranoia or with the mistaken notion it will repair something, but have never seen one of those "fixes" repair anything, but I sure have seen them crush a system to the point where making a backup of the registry meant nothing as there was no way on earth to boot it and use the backup.

I remember years ago on support calls to Microsoft that whenever a registry fix was needed for something they made me agree on tape that they were not responsible for any damage done to Windows by entering into the registry. And you want to tell users to use free programs from companies whose EULA denies them any liability for anything that happens, to scan systems and remove "issues" at will, when Microsoft won't even remove a single entry without making you agree to not hold them responsible, and they produced the operating system?


----------



## R-C (Dec 5, 2008)

I often refer those saying their computer is slow to this excellent article by Miekie,
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

She outlines some very good steps to take, and as stated above I also never advise the use of registry cleaners.

For the Norton that you apparently still have on your pc, you can go to their website and look for the specific removal tool for your version of Norton and use that removal tool to get it off your pc.

One thing I have found very helpful is running Belarc, a free tool which will give you a list of everything on your pc. It is very helpful when wanting to know what type of RAM and how much is on the pc etc, plus it gives you a good list to keep handy with all the info about your pc.
http://belarc.com/


----------



## shopgurl (Nov 27, 2008)

Thank you all for the suggestions and advice. I'm going to start trying them now. I'll try dand22's suggestion and do the complete check disk, and it seems like very good advice to back up everything on the computer, in case something gets deleted. 

I don't have a USB drive, but I have lots of CD-R disks, that say they hold 700MB. I'm just copying files from "my documents" onto a disk and I realize a lot of these files are accessed very rarely. Would it help (make my computer faster) if after I copy them onto a disk, I delete most of them from my computer? When I right click on "my documents" and look at properties, it says: 

Size: 462MB
Size on disk: 507MB
Contains: 18,159 files 1,538 folders

Thanks,

shopgurl


----------



## Rich-M (May 3, 2006)

shopgurl said:


> Thank you all for the suggestions and advice. I'm going to start trying them now. I'll try dand22's suggestion and do the complete check disk, and it seems like very good advice to back up everything on the computer, in case something gets deleted.
> 
> I don't have a USB drive, but I have lots of CD-R disks, that say they hold 700MB. I'm just copying files from "my documents" onto a disk and I realize a lot of these files are accessed very rarely. Would it help (make my computer faster) if after I copy them onto a disk, I delete most of them from my computer? When I right click on "my documents" and look at properties, it says:
> 
> ...


It's personal...if you thought enough to save them before, why delete them now? It looks like your whole My Documents folder will fit on 1 CD-R now anyway.
Don't forget to save any files you don't have in My Documents, as many programs keep files in the program, such as Quicken or MS Money. If you use an onboard email program such as Outlook or Outlook Express, you can "File" "Export" to the CD drive also, for safety's sake.


----------



## shopgurl (Nov 27, 2008)

Thanks for the tips on saving things in programs and Outlook Express. I was planning to try to do that also, but I didn't know if you could save emails-now I know to look under "export" - I would have been looking for "save."

As for saving and then deleting all the folders/documents in My documents, I was just wondering - will freeing up that memory speed up my computer? It seems like it would since it's a fairly large number relative to my computer's limited memory, but maybe it doesn't work that way. All my computer specs are in my first post, except I forgot that someone added 256MB about 2 years ago, bringing the total to 384MB, which I know is still very small. And which actually doesn't make sense, since the files in question were 462MB. Do those get stored in the local disk, which I think was 19.08GB? I know, I know, I'm showing how clueless I am. Sorry if it's a really dumb question.

Thanks again,

Shopgurl


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl and Welcome to TSG.



dvk01 said:


> The most important thing is remove one of the antiviruses
> 
> I can't tell you which one to keep, that is up to you
> 
> That will stop 99% of the problems


Did you remove one of the anti-virus programs? Did you see a difference? This was the big problem you had. Two anti-virus programs will make any computer slow.



> As for saving and then deleting all the folders/documents in My documents, I was just wondering - will freeing up that memory speed up my computer?


Removing documents and files is really not hurting your computer's memory at all. This is one thing you have your computer for... to save pictures, files/folders, documents and so forth. That was smart of you to back them up, as with your email addresses..:up:

Running programs is what eats up your computer's memory. Especially the unnecessary programs that you do not need. Your computer is about 7 years old by reading your posts. I would not purchase anymore memory. But save your money for a new computer. There's some great buys out there now and in the future, the way economic times are..



> All my computer specs are in my first post, except I forgot that someone added 256MB about 2 years ago, bringing the total to 384MB, which I know is still very small. And which actually doesn't make sense, since the files in question were 462MB. Do those get stored in the local disk, which I think was 19.08GB?


No. When you remove your files from the computer hard drive/local disk they're gone, and it gives you more storage space on your hard drive. This has nothing to do with your computer's memory. Only when you open up a file does your computer's memory have a role, but just a small amount. Again, programs are BIGGER and need more memory when opened and running.. I think this is your question?

Since you posted a HijackThis log on 28-Nov-2008 and I saw no malware at that time, see the below. Also, with "Disabling unnecessary Startup applications/*programs*", that is what takes up your memory, not the files, documents, pictures, etc., but *applications/programs* will... We will help you with the O4s in your log if needed.
----------------------------------------------------------------------------------------------------------------------------------

A slow computer does not mean there is malware present. I don't see anything in your Hijack This log to indicate that your problem is malware related. But you can follow the steps below:

Making a computer quicker is not a simple task; it depends upon many things. However, there are some adjustments you can do yourself to enhance performance.

*Deleting rubbish from your PC.*

Double Click *My Computer* _(WinXP: Navigate to Start >My Computer)_

You will see an icon representing your hard drive (most likely C: Drive) Right Click on the hard drive icon and click *Properties* at the bottom of the fly out window.

On the very first tab *(General)* you will see a button labelled *"Disk Cleanup"*...click that button.

Make sure the following are checked:

- _Downloaded Program Files_
- _Temporary Internet Files_
- _Recycle Bin_
- _Compress Old Files_

Click *OK* and Disk Cleanup will delete those files for you.

Next, go to *Start>Run>*type in *%temp%* hit *Enter* and delete the content of all the temp folders shown (only the content, not the folder). A couple of files may be in memory and will not therefore delete, this is normal.

Please download *ATF Cleaner* by Atribune.
*This program is for XP and Windows 2000 only*
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

*A fragmented drive causes a slow system.*
*Easy steps to defragment your drive:*

1. Open My Computer.
2. Right-click on the drive you want to defragment and select "Properties".
3. Click on the Tools tab.
4. Select Defragment Now....

*Disable Indexing*

1. Double click My Computer
2. Right click on your system hard drive (probably C:)
3. Choose Properties
4. Uncheck "Allow Indexing Service etc" (this may take a while)
5. Apply > OK

*Disabling unnecessary Startup applications*

If you look at your own HijackThis log, the O4 entries are applications that start at the same time as your PC.

The O4 entries can be adjusted easily using a little program from Mike Lin: Startup. Download it from here: StartupCPL

After installation, you will find it in the Control Panel. You will have to identify every application listed to see if it is really necessary or just a resource hog. This website will help you: Startup Applications

*Disabling "eye candy", "bells and whistles"*

Windows XP contains a huge list of special effects and visual enhancements such as animated menus, fade effects, cursor shadows, menu shadows etc. Disabling some of these settings can make Windows XP run faster and use fewer system resources.

1. Open Control Panel from the Start menu and choose "System." Choose the "Advanced" tab.
2. Select the "Settings" button under the Performance section.
3. Check the "Adjust for best performance" box and click "Apply" to apply the settings.

Alternatively, you can choose the "Custom" option; you can then selectively enable or disable each specific effect. The cursor shadowing effect can have a noticeable impact on performance.

*Display Properties*

Well, it is sad to say goodbye to special effects, but we want to speed up the computer.

1. Open Control Panel from the Start menu and choose Display.
2. Choose the "Desktop" tab and set the Background to "None."
3. Select the "Appearance" tab.
4. Under "Windows and buttons," choose "Windows Classic Style" from the drop-down menu.
5. Click the "Effects" button.
6. Deselect all options and click OK.
7. Click OK to close the Display Properties and apply the changes.

*Start Menu and Folders*

1. Context click (usually known as Right click) on the Windows XP Start button and choose "Properties" from the contextual menu.
2. Choose "Classic Start Menu"
3. Click the "Customise" button
4. Select the "Show Small Icons in Start Menu" option
5. Deselect any other items that you don't use often.

*Folder Options*

1. Open My Computer
2. Open the C: Drive or any other drive
3. Choose "Folder Options" from the Tools menu
4. Select "Use Windows classic folders"
5. Select the "View" tab.
6. Deselect the "Automatically search for network folders and printers" option.
7. Click "Apply"
8. Click the "Apply to All Folders" button
9. Click OK.

Now, you can enjoy your PC and Windows XP faster.


----------



## shopgurl (Nov 27, 2008)

I'm working on uninstalling Norton and other programs as advised here, and I noticed that Roxio Easy Media Creator 7 takes up 580MB, which is nearly 10x as large as the next largest program. I don't remember purposely downloading it, and I don't think it's one of the ones that came installed on my computer. But it did pop up and said it was used when I burned files to cd as back up. I think I must have something else that would do that as my computer came with a suite of software...but I'm not sure...??

Anyone know if it would be ok to get rid of Roxio? I have Windows Media Player and Movie Maker, Microsoft Image Composer, as well as Sonic and Real Player. It looks like Roxio was added in June 06, so it did not come w/ the computer. Could it be one of those programs where I found something on the internet I wanted to view and it said I had to download Roxio to open it? Does it do anything those other programs don't?

Thanks!


----------



## Kenny94 (Dec 16, 2004)

Roxio Easy Media Creator 7 is CD burning and DVD burning software. It's an old version, but I would keep it.



> But it did pop up and said it was used when I burned files to cd as back up.


Hey, you might need it again....

I would like you to generate an "Add/Remove Software list" log using the HijackThis application, to see what security you have now and what we need to remove. To take the guess work out... Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.


----------



## shopgurl (Nov 27, 2008)

Hi Kenny94,

Thanks for showing me this cool feature in HijackThis. There are more programs on the HijackThis list than when I go to the Control Panel on my computer and click "Add or Remove a Program." Norton is an example.

I have not removed Norton yet. When I tried to remove it from the Control Panel on my computer by going to "Add or Remove a Program," I found only 2 related items. They are shown below along with the message I got when I clicked "remove." 

-LiveReg (Symantec Corporation) *"Symantec LiveReg cannot be removed at this time because the following applications require this component: Norton Antivirus."*

-LiveUpdate 1.90 (Symantec Corporation) *"We have determined you still have some Symantec Applications registered with LiveUpdate. You should not remove LiveUpdate unless all Symantec Applications have been uninstalled first. Are you sure you want to remove LiveUpdate?"*

Norton's not listed & no other listings under Symantec. At first, I only saw 16 programs in my computer's control panel. *They are bold and underlined* in the list below. I just checked the "show updates" option and more came up. *The updates also shown on my control panel, are bold, but not underlined on the HijackThis list below*.

Earlier I mentioned I had a computer expert work on my machine 2 years ago w/ a main goal of speeding it up & getting rid of pop-ups. I'm pretty sure he added Spybot, AdAware and Avast and I think at least one other security program (which I deleted within the last few days-can't remember the name of it, but definitely nothing to do with Norton.) Maybe he removed Norton at that time, and didn't catch everything and that's why there are still 2 Symantec programs listed.

I have the Norton Internet Security 2004 disk-if I need to install it to uninstall it. It has AntiVirus, Personal Firewall, Privacy Control, AntiSpam and Parental Control.


*From HiJackThis:*
*Adobe Flash Player 10 ActiveX*
CC_ccStart
ccCommon
Do More 5.0
*HelpSpot*
*HijackThis 2.0.2*
*Hotfix for Windows Internet Explorer 7 (KB947864)*
*Hotfix for Windows XP (KB952287)*
*Intel(R) PROSet II*
*iTunes*
*LiveReg (Symantec Corporation)*
*LiveUpdate 1.90 (Symantec Corporation)*
Microsoft Internationalized Domain Names Mitigation APIs
*Microsoft Money 2002*
*Microsoft Money 2002 System Pack*
Microsoft National Language Support Downlevel APIs
*Microsoft PowerPoint Viewer 97*
*Microsoft Word 2002*
*Microsoft Works 6.0*
*Microsoft Works Suite Add-in for Microsoft Word*
MSRedist
Norton AntiVirus 2004
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
*Roxio Easy Media Creator 7*
*Security Update for Step By Step Interactive Training (KB898458)*
*Security Update for Step By Step Interactive Training (KB923723)*
*Security Update for Windows Internet Explorer 7 (KB937143)*
*Security Update for Windows Internet Explorer 7 (KB938127)*
*Security Update for Windows Internet Explorer 7 (KB939653)*
*Security Update for Windows Internet Explorer 7 (KB942615)*
*Security Update for Windows Internet Explorer 7 (KB944533)*
*Security Update for Windows Internet Explorer 7 (KB950759)*
*Security Update for Windows Internet Explorer 7 (KB953838)*
*Security Update for Windows Internet Explorer 7 (KB956390)*
*Security Update for Windows Media Player 9 (KB911565)*
*Security Update for Windows Media Player 9 (KB917734)*
*Security Update for Windows XP (KB938464)*
*Security Update for Windows XP (KB941569)*
*Security Update for Windows XP (KB946648)*
*Security Update for Windows XP (KB950760)*
*Security Update for Windows XP (KB950762)*
*Security Update for Windows XP (KB950974)*
*Security Update for Windows XP (KB951066)*
*Security Update for Windows XP (KB951376)*
*Security Update for Windows XP (KB951376-v2)*
*Security Update for Windows XP (KB951698)*
*Security Update for Windows XP (KB951748)*
*Security Update for Windows XP (KB952954)*
*Security Update for Windows XP (KB953839)*
*Security Update for Windows XP (KB954211)*
*Security Update for Windows XP (KB954459)*
*Security Update for Windows XP (KB955069)*
*Security Update for Windows XP (KB956391)*
*Security Update for Windows XP (KB956803)*
*Security Update for Windows XP (KB956841)*
*Security Update for Windows XP (KB957095)*
*Security Update for Windows XP (KB957097)*
*Security Update for Windows XP (KB958644)*
*Shockwave*
*Spybot - Search & Destroy 1.4*
Symantec Script Blocking Installer
SymNet
*Update for Windows XP (KB951072-v2)*
*Update for Windows XP (KB951978)*

I noticed one program listed on my Control Panel that I don't think showed up on the HiJackThis list; "Windows Genuine Advantage Notifications." Not sure it makes any difference, but I wanted to give you all the info I could.

I was planning to try removing spybot next, but since you're looking at the whole list, I'll await your advice. Thanks very much. Sorry for the long post, but I hope I've given you all the info you need.

Shopgurl


----------



## Rich-M (May 3, 2006)

You should remove the two entries you found and also try this Symantec Removal Tool:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl..

OK, Internet Security 2004 is out of date. Let's remove it and install a new Anti-Virus, since you have no protection. I saw Avast in your last log, but it's not there?

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

*Avast*

Let's download and run the Norton Removal Tool to remove the leftovers, at:

http://service1.symantec.com/SUPPOR...2005033108162039&nsf=tsgeninfo.nsf&view=docid

Scroll down to "Windows Vista/XP/2000", click download, click Run and let the tool do its work. Then reboot your computer.

*Next*

Let's download AVG Anti-Virus Free Edition 8.0 at: http://www.download.com/AVG-Anti-Vi...42.html?part=dl-AVGAntiVir&subj=dl&tag=button

and click download, then click Run to install AVG Anti-Virus. Update the AVG Anti-Virus definitions and do a Full System Scan. Note any files that could not be removed and post them in your next reply.



> I was planning to try removing spybot next, but since you're looking at the whole list, I'll await your advice. Thanks very much. Sorry for the long post, but I hope I've given you all the info you need.


Let's deal with Anti-Virus for now. The "Windows Genuine Advantage Notifications" is needed..

In our next post we'll install a firewall and an Anti-Spyware and check if your computer is clean of viruses and spyware..:up:

In your next reply, please include these log(s):

* HijackThis Uninstall List
* HijackThis log (new)

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


----------



## shopgurl (Nov 27, 2008)

Hi Kenny94

Thanks for the advice. Sorry it's taken me a while, but my computer is still very slow so I've done the things you suggested, in stages working on one part every couple of days when I had time. Kenny, hopefully you'll have time to reply in the next few days -for a beginner like me it really helps to get advice from the same person each time. Otherwise, it can get overwhelming, and with so many suggestions, it's hard to know what to do next. Here's what I did.


I removed/uninstalled Avast and Norton. I did have a few problems, but I'm pretty sure eventually I got rid of both of them.
I installed AVG Anti-Virus & did an update & a scan. I was not able to copy that, but here's an overview and list of problems found:
Infections found: 2

Infections removed/healed: 2
Infections not removed/healed: 0
Spyware found: 1
Spyware removed/healed: 1
Spyware not removed/healed: 0

Warnings count: 30
Total Objects scanned: 504.604

_*Infections Found* (note: columns don't come out right so I used dashes to show where a new column would be.)_

*File* - *Infection* - *Result*
C:\WINNT\rculpvb.exe - Virus found Win 32\heur - moved to Virus Vault
C:\WINNT\system32\uwcp - Trojan Horse generic. - Virus Vault
C:\WINNT\rr.exe - QVO -

_*Spyware*_

C:\WINNT\cpbrkpie.ocx - Adware generic c2 RGM - Virus Vault

_*Warnings* _

30, all cookies - found tracking cookies - potentially dangerous object
The 30 cookies all had one of the following as part of their name; adbrite, Euroclick, Dealtime, Overture, Revsci, Weborama


I hope this is what you wanted. I opened HiJackThis, then went to Misc Tools, then Open *Uninstall* Manager, and this is the list:
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
AVG Free 8.0
Do More 5.0
HelpSpot
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet II
iTunes
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft PowerPoint Viewer 97
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Roxio Easy Media Creator 7
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
Spybot - Search & Destroy 1.4
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)

Then, this is the list when I run a scan and get a log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:21 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &^ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140e71b53f05/netzip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://70.224.114.166/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C248F7CA-CD4D-4676-A2C6-E84570B17922}: NameServer = 216.144.192.250 166.90.244.194
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
--
End of file - 8525 bytes

You also mentioned; "The Windows Genuine Advantage Notifications is need it.." I am not familiar with it, so please let me know if I need to do anything on that.

My computer is still very slow - maybe a slight improvement...or is that wishful thinking? You mentioned next we'd install a firewall and an Anti-Spyware program and check if my computer is clean of viruses and spyware. I'm ready to work on that or whatever you think should come next. Just a note on firewalls -not sure if it matters but I do have the windows firewall turned on right now. Also, I'm pretty sure this is different from the firewall, but "Privacy" and "Security" are both currently set at Medium-High.

Thanks very much for your help!

shopgurl


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl...

WOW! You did a nice job! I wish more were like you...:up:



> You also mentioned; "The Windows Genuine Advantage Notifications is need it.." I am not familiar with it, so please let me know if I need to do anything on that.


Microsoft installs it to make sure your copy of Windows is genuine, so you can install security updates for Windows. As you have been doing, looking at your log...



> Just a note on firewalls -not sure if it matters but I do have the windows firewall turned on right now. Also, I'm pretty sure this is different from the firewall, but "Privacy" and "Security" are both currently set at Medium-High.


Do not depend on the firewall built into Windows XP. It will not block transmissions from backdoor programs. We'll work on this at the end. I want to run an Anti-Spyware program called "superantispyware" and see what junk we can find or what is hiding as well. Let's do some house cleaning..

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

*Run HijackThis, click on "Scan" and check the boxes next to all these items.*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09...p/RdxIE601.cab
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)

*Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".*

*Next*

Please download SUPERAntiSpyware Home Edition (free version)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click *Yes*.
Under *Configuration and Preferences*, click the Preferences button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
*Please leave the others unchecked.*
Click the Close button to leave the control center screen.

On the main screen, under *Scan for Harmful Software* click *Scan your computer*.
On the left check *C:\Fixed Drive*.
On the right, under Complete Scan, choose *Perform Complete Scan*.
Click *Next* to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click *OK*.
Make sure everything in the white box has a check next to it, then click *Next*.
It will quarantine what it found and if it asks if you want to reboot, click *Yes*.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click *Preferences*. Click the *Statistics/Logs* tab.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose *copy*.

Click close and close again to exit the program.
Save the log information. And paste this info along with your HijackThis log.

In your next reply, please include these log(s):

* *SUPERAntiSpyware Scan Log*
* *HijackThis log (new)*

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


----------
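An added example, not part of the original posts: a small Python parser for HijackThis log lines that lists the entries marked "(no file)" or "(file missing)", which covers most of the items selected for fixing above, and then checks a follow-up log to confirm they are gone. The two sample logs are constructed from lines posted in this thread; the function and variable names are hypothetical.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Constructed sample: entries taken from the HijackThis logs posted in this thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
"""

# Constructed sample: the same machine after "Fix checked" and a new scan.
AFTER_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A result line is "<section code> - <details>", e.g. "O23 - Service: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis appends these markers when the registry entry points at a file
# that is not on disk, i.e. a leftover reference.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


class Entry(NamedTuple):
    code: str   # section code such as "O2" or "O23"
    body: str   # everything after "<code> - "

    @property
    def orphaned(self) -> bool:
        return bool(ORPHAN_RE.search(self.body))


def parse_log(text: str) -> List[Entry]:
    """Return the result entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is reported as missing."""
    return [e for e in entries if e.orphaned]


def orphans_by_section(entries: List[Entry]) -> Counter:
    """Count orphaned entries per section code."""
    return Counter(e.code for e in orphaned_entries(entries))


def still_present(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Orphaned entries from the first log that also appear in the second."""
    remaining = set(after)
    return [e for e in orphaned_entries(before) if e in remaining]


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for entry in orphaned_entries(before):
        print("orphaned:", entry.code, "-", entry.body)
    print("per section:", dict(orphans_by_section(before)))
    print("left after fix:", still_present(before, after))
```

Entries that are not orphaned still need a human decision; the marker only says the referenced file is missing, not whether the entry was harmful.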



## shopgurl (Nov 27, 2008)

Hi Kenny94,

I'm just back from Christmas with the family and had a chance to follow the instructions in your last post. I was also having problems with my printer (that's a separate post for another time!) Since your last post was pretty detailed, I wanted to be able to print it first and then follow it step by step. Anyway, I finally got my printer to print in blue only - enough to do what I needed.

I hope you had a great Christmas if you celebrate Christmas, and if not, I hope you at least got some time off from work!

Here is an updated HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:25 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &^ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://70.224.114.166/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C248F7CA-CD4D-4676-A2C6-E84570B17922}: NameServer = 216.144.192.250 166.90.244.194
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
--
End of file - 8070 bytes

Here is the SUPERAntiSpyware Scan Log:

http://www.superantispyware.com
Generated 12/28/2008 at 08:36 PM
Application Version : 4.23.1006
Core Rules Database Version : 3687
Trace Rules Database Version: 1663
Scan type : Complete Scan
Total Scan Time : 01:40:29
Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5514
Registry threats detected : 3
File items scanned : 92015
File threats detected : 56
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59}
HKU\S-1-5-21-3615762775-3852255402-4189850523-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1D395-4744-40F0-A611-980F61AE2C59}
Adware.Tracking Cookie
Adware.BetterInternet
HKU\S-1-5-21-3615762775-3852255402-4189850523-1003\Software\aurora
Malware.SpywareNuker
C:\WINNT\SYSTEM32\DRIVERS\PSHOOK11.SYS

I had no problems with the above - your instructions were very complete, which I greatly appreciate. I just finished and ran the 2 logs, so I'm not sure if anything is running faster. I will be working on some other things online tonight and if I notice a change, I will send a second email.

Thanks,

shopgurl


----------



## Kenny94 (Dec 16, 2004)

> hope you had a great Christmas


Yes I did and thank you!



> will be working on some other things online tonight and if I notice a change, I will send a second email.


:up:


----------



## shopgurl (Nov 27, 2008)

Hi Kenny,

Well last night my monitor stopped working (and it's only 1-2 years old, not nearly as old as my computer.) That was a real challenge for a technophobe like me...since I couldn't use my monitor I couldn't post a question here or go on the manufacturer's website. I called the manufacturer today, and since the power light was blinking, they said it could be the cord. I save all these extra power cords and transformers - I have no idea what it was from but I found an extra that looked just like the monitor cord and plugged it in and it works!

So I've been online for a while and there is maybe a slight improvement, since adding the Super AntiSpyware, but it's still very slow compared to how it ran in the past.

Was there anything in the logs I posted last time that I should get rid of? What should I try next?

Thanks very much!

Shopgurl


----------



## perfume (Sep 13, 2008)

Dear shopgurl,
you have received very good advice from the above posts. Your CPU is running fine! You sure need to add more RAM. As advised, get rid of the old Norton software. Follow Rich-M's advice. As the Moderator pointed out, running two Anti-virus programs is a recipe for disaster! Why don't you just try and uninstall the "magic jack internet phone", restart and see for any change in your PC's speed? I am most interested in what kind of internet connectivity and its speed and have you changed it lately? You can try the "absolute uninstaller pro"'s trial period to remove all traces of Norton! See if you can prune the "internet cache", since you seem to browse more (and save more?). You haven't mentioned which version of IE you are using, 6 or 7? Go for FireFox? As a final piece of advice, download "Ccleaner", and just use the "cleaner" option on the left hand corner and click on "run cleaner". Don't you dare touch the "registry"! Best wishes.


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl

I want to dig deeper with random's system information tool.


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## shopgurl (Nov 27, 2008)

Hi Kenny,

It seems my monitor is frying cords. I mentioned in my previous post that I found a spare cord and got my monitor to work. But, later that night, the monitor power light was blinking again. Needless to say, I've given up on that monitor (purchased 16 months ago-so out of warranty.) If I have to buy a new monitor, I need to research prices online (I'm laid off, so every penny counts.) I ended up borrowing my mom's monitor, which I gave her years ago. It came from my first computer, so it's got to be 10+ years old. It's still working, but my 16 month old monitor is dead. Go figure. We think her computer is dead (or so old it's not worth fixing) so she doesn't need the monitor anyway. But if I don't respond right away to your posts, it probably just means I ran into some other problem.

Why does everything quit working when you have no money to fix it? Seriously, in the past 1-2 weeks; my car sometimes won't start and it seems to be not the battery but something draining the battery that no one can figure out (cause the battery has been replaced 2x in 3 years), a section of shingles on my roof blew off, 2 days after I had the roof repaired I noticed water dripping in front of me as I was watching a dvd on New Year's Eve. Fortunately, that turned out to be a humidifier leaking on the floor above it, so I was able to stop the leak...now I just have a humidifier (about 2 years old so out of warranty!) to fix or replace. Good riddance 2008!!

Anyway, I don't mean to complain. I just want you to know how much I appreciate your help with my computer. I ran the program you suggested. Here is the first half of the *log.txt*. I'll send the rest in a separate email.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-02 14:07:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (47%) free of 20 GB
Total RAM: 382 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:16 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &^ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://70.224.114.166/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C248F7CA-CD4D-4676-A2C6-E84570B17922}: NameServer = 216.144.192.250 166.90.244.194
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
--
End of file - 7981 bytes
======Scheduled tasks folder======
C:\WINNT\tasks\Spybot - Search & Destroy.job
C:\WINNT\tasks\XoftSpy.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-11 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll [2003-06-24 1662976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-11 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll [2003-06-24 1662976]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-11 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PrinTray"=C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-06-26 36864]
"Lexmark X6100 Series"=C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe [2003-09-23 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-11 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-07-29 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2003-06-24 45056]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []
"cdloader"=C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [2008-12-17 50520]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-03-19 78960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINNT\Belt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
C:\WINNT\dinst.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
wjview /cp C:\Program Files\EbatesMoeMoneyMaker\System\Code Main lp: C:\Program Files\EbatesMoeMoneyMaker []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
C:\WINNT\GWMDMMSG.exe [2002-05-06 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINNT\System32\hkcmd.exe [2003-07-10 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINNT\System32\igfxtray.exe [2003-07-10 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Washer Pro]
C:\Program Files\Internet Washer Pro\iw.exe min []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Preload Check]
C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:Keyboard Preload Check []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqnxbr]
C:\WINNT\system32\cwpznz.exe r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe [2001-06-14 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe [2001-10-18 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 184376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE REBOOT []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-06-26 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
C:\WINNT\system32\PROMon.exe [2002-04-18 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-07-29 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-03-05 208941]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2003-06-24 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2005-03-08 1695744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
C:\WINNT\SM1BG.EXE [2003-08-27 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-05 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\documents and settings\owner\local settings\temp\tr-14_trickler_4201.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wfyfmku]
c:\winnt\system32\dbdjqfr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Fast Start.lnk]
C:\MSOffice\Office\FASTBOOT.EXE [1996-03-20 14848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Find Fast Indexer.lnk]
C:\MSOffice\Office\FINDFAST.EXE /noui []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
C:\MSOffice\Office\MSOFFICE.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-07-10 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

Thanks again for your help.

Shopgurl


----------



## shopgurl (Nov 27, 2008)

Hi Kenny,

Here is the second half of *log.txt*. The part in red is repeated from my earlier post. It is the last few lines of the log that appeared in that earlier post. It starts right under that.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\microsoft frontpage\bin\fpexplor.exe"="C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer"
"C:\FrontPage Webs\Server\vhttpd32.exe"="C:\FrontPage Webs\Server\vhttpd32.exe:*:Enabled:Microsoft FrontPage Personal Web Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Owner\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 3 months======
2100-02-24 14:15:04 ----A---- C:\WINNT\Lexmark_ICM.ini
2100-02-16 16:09:06 ----A---- C:\WINNT\system32\LXASUSCI.INI
2009-01-02 14:07:24 ----D---- C:\rsit
2008-12-28 18:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-28 18:48:01 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-28 18:48:01 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-28 18:46:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 19:30:08 ----HD---- C:\$AVG8.VAULT$
2008-12-11 18:30:07 ----A---- C:\WINNT\system32\avgrsstx.dll
2008-12-11 18:29:55 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-12-11 18:29:31 ----D---- C:\Program Files\AVG
2008-12-11 18:29:31 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-11 03:07:44 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 02:57:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-12-11 02:57:28 ----D---- C:\Program Files\NOS
2008-12-10 03:02:00 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-10 03:00:57 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2008-12-10 03:00:49 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-10 03:00:42 ----A---- C:\WINNT\imsins.BAK
2008-12-10 03:00:27 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2008-11-28 18:31:52 ----D---- C:\Program Files\Trend Micro
2008-11-26 19:43:40 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-11-26 19:42:04 ----D---- C:\Program Files\Uniblue
2008-11-25 17:48:38 ----D---- C:\Program Files\CCleaner
2008-11-25 16:35:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-25 16:34:41 ----A---- C:\WINNT\system32\STKIT432.DLL
2008-11-13 13:00:49 ----D---- C:\Program Files\Panda Security
2008-11-12 03:02:32 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-12 03:02:21 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2008-11-12 03:01:53 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-10-25 02:00:55 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-10-15 02:15:50 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2008-10-15 02:15:36 ----HDC---- C:\WINNT\$NtUninstallKB956391$
2008-10-15 02:15:24 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2008-10-15 02:12:24 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2008-10-15 02:11:21 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2008-10-11 02:00:51 ----HDC---- C:\WINNT\$NtUninstallKB951978$
2008-10-09 14:21:14 ----D---- C:\WINNT\Prefetch
2008-10-09 13:44:54 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2008-10-09 13:44:42 ----HDC---- C:\WINNT\$NtUninstallKB952287$
2008-10-09 13:44:00 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2008-10-09 13:43:48 ----HDC---- C:\WINNT\$NtUninstallKB951698$
2008-10-09 13:43:33 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2008-10-09 13:43:21 ----HDC---- C:\WINNT\$NtUninstallKB951376$
2008-10-09 13:43:06 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2008-10-09 13:42:26 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2008-10-09 13:42:06 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2008-10-09 13:41:52 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2008-10-09 13:41:35 ----HDC---- C:\WINNT\$NtUninstallKB938464$
2008-10-09 13:30:10 ----D---- C:\WINNT\system32\scripting
2008-10-09 13:30:07 ----D---- C:\WINNT\l2schemas
2008-10-09 13:30:06 ----D---- C:\WINNT\system32\en
======List of files/folders modified in the last 3 months======
2009-01-02 13:53:00 ----D---- C:\WINNT\Temp
2009-01-02 02:35:18 ----D---- C:\Documents and Settings\Owner\Application Data\mjusbsp
2009-01-01 21:16:36 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-28 20:55:27 ----D---- C:\WINNT\system32\drivers
2008-12-28 18:51:09 ----D---- C:\WINNT\system32\CatRoot2
2008-12-28 18:48:11 ----SHD---- C:\WINNT\Installer
2008-12-28 18:48:11 ----D---- C:\Config.Msi
2008-12-28 18:48:01 ----AD---- C:\Program Files
2008-12-28 18:46:33 ----AD---- C:\Program Files\Common Files
2008-12-28 18:20:10 ----A---- C:\WINNT\LEXSTAT.INI
2008-12-18 03:09:14 ----AD---- C:\WINNT
2008-12-18 03:07:33 ----AD---- C:\WINNT\system32
2008-12-18 03:01:06 ----HD---- C:\WINNT\inf
2008-12-18 03:00:54 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-18 03:00:23 ----HD---- C:\WINNT\$hf_mig$
2008-12-13 16:08:07 ----D---- C:\WINNT\Minidump
2008-12-13 01:40:02 ----A---- C:\WINNT\system32\mshtml.dll
2008-12-12 03:00:23 ----D---- C:\WINNT\Debug
2008-12-11 18:29:28 ----D---- C:\WINNT\WinSxS
2008-12-11 18:29:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 18:24:25 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-11 18:04:43 ----D---- C:\Program Files\Alwil Software
2008-12-11 16:57:00 ----SD---- C:\WINNT\Downloaded Program Files
2008-12-11 16:55:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-11 16:53:10 ----SD---- C:\WINNT\Tasks
2008-12-11 16:29:56 ----D---- C:\Program Files\Common Files\Adobe
2008-12-11 16:29:56 ----D---- C:\Program Files\Adobe
2008-12-11 16:29:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-10 03:01:35 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:46:23 ----A---- C:\WINNT\X83_DS.ini
2008-12-09 18:24:37 ----A---- C:\WINNT\system32\MRT.exe
2008-12-07 20:53:43 ----D---- C:\Documents and Settings
2008-12-05 16:13:20 ----D---- C:\WINNT\Help
2008-11-25 18:54:42 ----D---- C:\WINNT\pss
2008-11-25 18:45:19 ----RSD---- C:\WINNT\Fonts
2008-11-25 18:41:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-25 18:39:31 ----D---- C:\WINNT\occache
2008-11-25 18:38:52 ----D---- C:\Program Files\Juniper Networks
2008-11-25 18:31:49 ----A---- C:\WINNT\vbaddin.ini
2008-11-17 17:37:05 ----A---- C:\WINNT\ACMonitor_X83.ini
2008-11-13 14:27:03 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-11-10 14:16:23 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-07 16:45:32 ----A---- C:\WINNT\system32\WMVCore.dll
2008-10-23 07:36:14 ----A---- C:\WINNT\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINNT\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINNT\system32\wininet.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINNT\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINNT\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINNT\system32\mshtmled.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINNT\system32\ieframe.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\iedkcs32.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\ieaksie.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\ieakeng.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\icardie.dll
2008-10-16 15:38:35 ----A---- C:\WINNT\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINNT\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINNT\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINNT\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINNT\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINNT\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINNT\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINNT\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINNT\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINNT\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINNT\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINNT\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----A---- C:\WINNT\system32\ieudinit.exe
2008-10-16 08:11:09 ----A---- C:\WINNT\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINNT\system32\netapi32.dll
2008-10-15 02:04:53 ----A---- C:\WINNT\system32\ieakui.dll
2008-10-09 14:20:02 ----D---- C:\WINNT\system32\Setup
2008-10-09 14:20:01 ----D---- C:\WINNT\AppPatch
2008-10-09 14:20:00 ----D---- C:\WINNT\system32\wbem
2008-10-09 14:19:12 ----D---- C:\WINNT\security
2008-10-09 13:45:01 ----D---- C:\WINNT\system32\CatRoot
2008-10-09 13:41:54 ----D---- C:\Program Files\Messenger
2008-10-09 13:31:15 ----D---- C:\WINNT\ServicePackFiles
2008-10-09 13:31:13 ----D---- C:\Program Files\Windows Media Player
2008-10-09 13:30:50 ----D---- C:\WINNT\network diagnostic
2008-10-09 13:30:50 ----D---- C:\WINNT\ime
2008-10-09 13:30:12 ----D---- C:\WINNT\system32\usmt
2008-10-09 13:30:12 ----D---- C:\WINNT\system32\en-US
2008-10-09 13:30:05 ----D---- C:\WINNT\system32\bits
2008-10-09 13:30:05 ----D---- C:\WINNT\peernet
2008-10-09 13:30:05 ----D---- C:\Program Files\Movie Maker
2008-10-09 13:25:49 ----D---- C:\WINNT\system32\Restore
2008-10-09 13:25:48 ----D---- C:\WINNT\system32\npp
2008-10-09 13:25:47 ----D---- C:\WINNT\msagent
2008-10-09 13:25:45 ----D---- C:\WINNT\srchasst
2008-10-09 13:25:43 ----D---- C:\Program Files\NetMeeting
2008-10-09 13:25:42 ----D---- C:\WINNT\system32\Com
2008-10-09 13:25:30 ----D---- C:\Program Files\Windows NT
2008-10-09 13:25:30 ----D---- C:\Program Files\Outlook Express
2008-10-09 13:25:25 ----D---- C:\Program Files\Common Files\System
2008-10-09 13:24:57 ----D---- C:\WINNT\system32\oobe
2008-10-09 13:24:54 ----D---- C:\WINNT\system
2008-10-09 13:20:02 ----D---- C:\WINNT\system32\ReinstallBackups
2008-10-09 13:19:35 ----HDC---- C:\WINNT\$NtServicePackUninstall$
2008-10-09 13:11:20 ----D---- C:\WINNT\ehome
2008-10-03 05:02:42 ----A---- C:\WINNT\system32\strmdll.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2008-12-11 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2008-12-11 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2005-03-08 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-03-08 24960]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2005-03-08 291456]
R1 Cinemsup;Cinemsup; C:\WINNT\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINNT\system32\drivers\DVDVRRdr_xp.sys [2005-03-08 141184]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2005-03-08 117760]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-12 6208]
R1 UDFReadr;UDFReadr; C:\WINNT\system32\drivers\UDFReadr.sys [2005-03-08 202496]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2008-12-11 76040]
R2 symlcbrd;symlcbrd; \??\C:\WINNT\system32\drivers\symlcbrd.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-08-03 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-08-03 96858]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-05-06 1106464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
R3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2005-03-08 23808]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2002-04-04 459944]
R3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINNT\system32\DRIVERS\dsNcAdpt.sys []
S3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2005-03-08 24064]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 iscFlash;iscFlash; \??\C:\WINNT\SYSTEM32\DRIVERS\iscflash.sys []
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PcdrNt;PcdrNt; C:\WINNT\System32\drivers\PcdrNt.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINNT\System32\DRIVERS\point32.sys [2003-05-15 19072]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S4 sr;System Restore Filter Driver; C:\WINNT\System32\DRIVERS\sr.sys [2008-04-13 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-11 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]
R2 LexBceS;LexBce Server; C:\WINNT\system32\LEXBCES.EXE [2003-09-23 303104]
S2 NMSSvc;Intel(R) NMS; C:\WINNT\System32\NMSSvc.exe [2002-05-03 1118208]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
S4 PictureTaker;PictureTaker; c:\fixit\pt\PCTKRNT.SYS []
S4 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS []
-----------------EOF-----------------

I'll send the other log (info.txt) in another post. Thanks,

Shopgurl


----------



## shopgurl (Nov 27, 2008)

Hi Kenny,

Here is the info.txt one:

info.txt logfile of random's system information tool 1.05 2009-01-02 14:08:29
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Do More 5.0-->MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
HelpSpot-->MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINNT\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033 
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Roxio Easy Media Creator 7-->MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINNT\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINNT\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINNT\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINNT\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINNT\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINNT\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
=====HijackThis Backups=====
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140e71b53f05/netzip/RdxIE601.cab
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
======Security center information======
AV: AVG Anti-Virus Free
System event log
Computer Name: CAROL
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0007E99CECC8. The IP address being used is 169.254.189.170.
Record Number: 41669
Source Name: Dhcp
Time Written: 20080704125847.000000-240
Event Type: warning
User: 
Computer Name: CAROL
Event Code: 6005
Message: The Event log service was started.
Record Number: 41668
Source Name: EventLog
Time Written: 20080704125744.000000-240
Event Type: information
User: 
Computer Name: CAROL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 41667
Source Name: EventLog
Time Written: 20080704125744.000000-240
Event Type: information
User: 
Computer Name: CAROL
Event Code: 6006
Message: The Event log service was stopped.
Record Number: 41666
Source Name: EventLog
Time Written: 20080704023127.000000-240
Event Type: information
User: 
Computer Name: CAROL
Event Code: 7036
Message: The iPodService service entered the stopped state.
Record Number: 41665
Source Name: Service Control Manager
Time Written: 20080704023058.000000-240
Event Type: information
User: 
Application event log
Computer Name: CAROL
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 13770
Source Name: SecurityCenter
Time Written: 20070901105602.000000-240
Event Type: information
User: 
Computer Name: CAROL
Event Code: 100
Message: 
Record Number: 13769
Source Name: SAVSCAN
Time Written: 20070901105535.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: CAROL
Event Code: 0
Message: Service started.
Record Number: 13768
Source Name: NMSSvc
Time Written: 20070901105533.000000-240
Event Type: information
User: 
Computer Name: CAROL
Event Code: 1
Message: 
Record Number: 13767
Source Name: ccEvtMgr
Time Written: 20070901105351.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: CAROL
Event Code: 26
Message: 
Record Number: 13766
Source Name: ccEvtMgr
Time Written: 20070901105350.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------

Thanks, Kenny. Hopefully there is something in these logs that will give you the right info - I will await your further instructions.

Shopgurl


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl! And when it rains it pours, but that was in 2008...



> Here is the first half of the log.txt I'll send the rest in a separate email.


:up:


----------



## Kenny94 (Dec 16, 2004)

> Thanks, Kenny. Hopefully there is something in these logs that will give you the right info - I will await your further instructions.


Let me look at this, I'll get back with you in the next day or two...


----------



## shopgurl (Nov 27, 2008)

Hi Perfume,

Thanks so much for your suggestions. I do realize the amount of RAM I have is ridiculously low by today's standards. However, my computer was running well (and fast) after the last time I had someone clean it up. Unfortunately that person is not available, so I'm trying to do it myself. I really mostly use my computer for the internet, and I have only a few programs loaded, so I'm hoping I can get it working again -at least well enough. I was laid off a few months ago, so buying a new one is not really an option (although once I do get a job it will be very high on my list.)

I will add RAM if needed--I guess I'm hesitant at this point because of the expense (although I'm sure it's a lot less than a new computer) and because it sounds very complicated. Also, I had RAM added once a couple of years ago, and I'm not sure it will accommodate more. 

I did uninstall several programs (including Norton) a couple of weeks ago and I'm now running only one Anti-virus program. And I installed ccleaner around the same time.

As for the magicjack, that is quite new (about 2 months), and my computer definitely had become slow before it was installed -it's been slow for about a year. My internet connectivity is dsl, 100 mbps. I am thinking about changing carriers, so I'd appreciate suggestions if you think the type or speed of my connection should be different. I have had the same internet connection for years (3+), and the slow down in my computer is more recent.

I'm interested in your suggestion regarding internet cache (since I use my computer most for the internet), but I'm not exactly sure what you mean by that. Is it just the sites I have bookmarked as favorites? I am using IE - I'm not sure what version, or where to find that info. All I could find (under properties) was that it was created 10/04 and modified 09/07, the size is 803 bytes and the size on disk is 4096 bytes. I'm not sure if that might give you a clue as to which version. 

I think the same guy that cleaned up my computer and added RAM a couple of years ago also added Mozilla Firefox. I still have the icon on my desktop, but I don't seem to be able to access the internet with it.

Thanks again,

Shopgurl


----------



## Kenny94 (Dec 16, 2004)

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under *Upgrading Java*, to download and install the latest version.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked.
- *Spyware, Adware, Dialers, and other potentially dangerous programs*
- *Archives*
- *Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## stocker340 (Oct 8, 2002)

I see you are having trouble
I saw your hijack log

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Remove these above for starters

These are a few to remove to start with as it is tough to say without knowing what you have installed as there are a few I am curious as to being needed.
I would uninstall all antivirus programs and spybot and superantispyware or any spyware removal type program you have on your computer for now then reboot when told to
Then after a restart turn off system restore then reboot again
Get this utility and run it http://www.brothersoft.com/download-glary-utilities-46177.html 
Then restart
Then go to the following link and download the ESET Smart Security trial at the link below
http://www.eset.com/download/free_trial_download.php
When installing make sure you enable threat sense I believe there should be only one you have to check
After installing run a full scan and see what happens watch what is deleted or quarantined
Then reboot after the scan
Let me know what you find

This may only be a start to your trouble fix.


----------



## Kenny94 (Dec 16, 2004)

ESET Smart Security is a very good product. But shopgurl is out of work. Read post 46.

After 30 days will you pay for ESET Smart Security? Also, why would you remove her home page MSN? I can go on more on your advice, but this is for starters..


----------



## stocker340 (Oct 8, 2002)

Hi

You don't need all those as I left the one
Who said it had anything to do with being out of work.
The ESET trial is a full working product and it will take care of many if not all of her problems
Uninstall it after 30 days if you don't want to buy it
You don't agree with turning off system restore while trying to remove problems?
You will find that many of these are in the system restore area
You will find also that spybot and super antispyware do not get everything that's why they are free
At least take them off while trying to eliminate the problem you can always put them on later after the fact
I realize that not every spyware/antivirus program finds and removes everything but I happen to have the following programs installed in dual boot XP configurations on several computers and some catch things the other ones don't
I usually remove the infected drive and install it in one of the computers of mine and run scans with the software on that computer that is after turning off system restore and uninstalling the antivirus on the infected drive
It takes care of the majority of issues with an infected drive
I know the above information may not help her as she only has one PC but you were wondering

AVIRA
KIS 09
NIS 09
PANDA 09
ESET Smart Sec
etc

Also PC Tools spyware doctor and Webroot spysweeper on a couple drives


----------



## Kenny94 (Dec 16, 2004)

> You don't agree with turning off system restore while trying to remove problems?
> You will find that many of these are in the system restore area


I never said this... I have the user always flush out all System Restore points after I clean their infections..

As for optimizers and registry cleaners that you recommend.. They don't do much of anything other than possibly causing more harm than good.

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://en.wikipedia.org/wiki/Registry_Clean

See the Disadvantages stocker340



> The ESET trial is a full working product and it will take care of many if not all of her problems Uninstall it after 30 days if you don't want to buy it


Then what should I use for security if I do not keep it...

I'm not going to have this discussion with you stocker340. The user is confused enough. Thanks..


----------



## stocker340 (Oct 8, 2002)

Hello again

To some extent I agree that maybe they are not all some magical cure all as there are many out there that are very poor but there are some good ones also.

I can point you to links on websites that say there is global warming.
I can point you to websites that say there is no such thing also.
So that is up for debate as well.

What do you use to clean and repair infected PC's?

That's why I said install the ESET trial and clean up your problems if it can and if it does and you cannot afford the product then uninstall it and put something on you can afford that could not clean up your problems.

It's not that confusing


----------



## stocker340 (Oct 8, 2002)

Try PC Tools Spyware Doctor as I have had exceptional results with this program and you can get it free also from google with the google pack.
Just uncheck the programs you don't want with it
It is a bit heavy on a PC with lower memory but again take it off after you hopefully find a few things with it.


----------



## shopgurl (Nov 27, 2008)

Kenny94 said:


> Please do an online scan with Kaspersky WebScanner
> 
> Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under *Upgrading Java*, to download and install the latest version.
> 
> ...


Hi Kenny,

Here is the Kaspersky scan. Thanks very much. 

Shopgurl
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 06, 2009 05:52:42
Records in database: 1569458
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 90257
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 04:11:48

File name / Threat name / Threats count
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Mimail.j 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 3
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Infected: Trojan-Spy.HTML.Bayfraud.hl 1
C:\WINNT\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.be 1
The selected area was scanned.


----------



## Littlefield (Mar 26, 2006)

dand22 said:


> Uninstall Norton.
> Then uninstall all the other stuff these guys have talked about.
> Install AVG or some other free anti virus and then check the speed of your system.
> If you're OK then, you do not need RAM.
> ...


The new Norton is better than free AVG for security and is not a hog.


----------



## Kenny94 (Dec 16, 2004)

Hi shopgurl...

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this *File* (if present):

C:\WINNT\Downloaded Program Files\*flash.inf* <----- delete

There seem to be viruses in your old email Outlook Express folders, but they should be inactive there. Go ahead and delete any emails with Outlook Express in the AntiSpam Folder.

Now that your system is clean you should *SET A NEW RESTORE POINT* *to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection*. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To *SET A NEW RESTORE POINT*:
1. Go to *Start* > *Programs* > *Accessories* > *System Tools* and click "*System Restore*".
2. Choose the radio button marked "*Create a Restore Point*" on the first screen then click "*Next*". Give the R.P. a name then click "*Create*". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to *Start* > *Run* and type: *Cleanmgr*
4. Click "*OK*".
5. Click the "*More Options*" Tab.
6. Click "*Clean Up*" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
*How to Create a Restore Point*.
*How to use Cleanmgr*.

*Next*

Click Start, right click on explorer and select internet properties
Click the Tools button, and then click Internet Options.
Click the Advanced tab, and then click Reset.
In the Reset Internet Explorer Settings dialog box, click Reset.
Also try the restore option
When Internet Explorer finishes restoring the settings, click Close, and then click OK.

*Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.*
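
A triage of the Kaspersky report along the lines of the advice above, as an added example that is not part of the original post: it parses the report's finding lines and sorts each detection by where it lives (mail store, ordinary file, or System Restore copy). The function names, category labels and the single System Restore line are constructed for illustration; the other report lines are the ones posted in this thread.

```python
import re
from collections import defaultdict

# Finding lines copied from the Kaspersky report posted earlier in this thread.
REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Mimail.j 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 3
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Infected: Trojan-Spy.HTML.Bayfraud.hl 1
C:\WINNT\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.be 1
The selected area was scanned.
"""

# Constructed line (not from the report): what a detection inside an XP
# System Restore store would look like.
CONSTRUCTED_RESTORE_LINE = (
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}"
    r"\RP1\A0000001.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.be 1"
)

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)

ADVICE = {
    "mail-store": "Inside an Outlook Express .dbx store: delete the affected "
                  "messages from within the mail client.",
    "file-on-disk": "Standalone file: delete or quarantine it.",
    "restore-point": "Copy held by System Restore: create a fresh restore "
                     "point, then purge the old ones.",
}


def parse_findings(text):
    """Return one dict per finding line; headers and footers are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({"path": m["path"], "threat": m["threat"],
                             "count": int(m["count"])})
    return findings


def classify(path):
    """Decide where a detection lives, which determines how to clean it."""
    p = path.lower()
    if "\\system volume information\\" in p or "\\_restore{" in p:
        return "restore-point"
    if p.endswith(".dbx"):
        return "mail-store"
    return "file-on-disk"


def triage(findings):
    """Group findings by location category."""
    groups = defaultdict(list)
    for f in findings:
        groups[classify(f["path"])].append(f)
    return dict(groups)


def summarize(findings):
    """(infected objects, distinct threat names), as in the report header."""
    return (sum(f["count"] for f in findings),
            len({f["threat"] for f in findings}))


if __name__ == "__main__":
    found = parse_findings(REPORT + CONSTRUCTED_RESTORE_LINE)
    for category, items in triage(found).items():
        print(f"[{category}] {ADVICE[category]}")
        for f in items:
            print(f"    {f['threat']} x{f['count']}  {f['path']}")
```

Run against the posted report alone, the totals match its own statistics block (6 infected objects, 4 threat names), which is a quick check that no finding line was missed.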


----------



## shopgurl (Nov 27, 2008)

Hi Kenny,

Sorry, another dumb question, but where do I find "emails with Outlook Express in the AntiSpam Folder" that you said to delete?

Thanks,

Shopgurl


----------



## Rich-M (May 3, 2006)

Open your "Anti Spam Folder" in Outlook Express?


----------



## Kenny94 (Dec 16, 2004)

Thanks Rich....


----------



## Rich-M (May 3, 2006)

Kenny94 said:


> Thanks Rich....


Welcome!!!


----------



## shopgurl (Nov 27, 2008)

Hi Kenny94,

I followed the instructions in your last post to use OTMoveIt3 to remove the file you mentioned. After I rebooted, OTMoveIt3 was gone too (the icon no longer on my desktop.) I think maybe that was supposed to happen...but just checking?

I removed some of the emails in the Norton Anti-Spam folder. There are about 135 left that I sent to myself from my work computer at my old job. It's samples of my work, emails from clients etc, that I'd like to save. Do you think it's a problem if I leave them there?

I have not yet set a new Restore Point. Since I've used my computer quite a bit over the weeks we've been working on this, should I rerun anything to be sure all malware is gone, before doing the new Restore Point?

I checked AVG and ran updates, and it is scheduled to do regular scans. I checked SuperAntiSpyware and did the updates, but it looks like you can't set that for automatic updates with the free version. Should I plan to do that manually? daily? weekly? Is there anything else I should check?

There seems to be another small improvement in speed with the computer. It's not back to the speed of 1-2 years ago, but definitely improved.

Thanks for all your help

Shopgurl


----------



## Kenny94 (Dec 16, 2004)

Hi Shopgurl...

What's going on...



> Since I've used my computer quite a bit over the weeks we've been working on this, should I rerun anything to be sure all malware is gone, before doing the new Restore Point?


No, you're fine. Go ahead and set a new restore point...



> checked AVG and ran updates, and it is scheduled to do regular scans. I checked SuperAntiSpyware and did the updates, but it looks like you can't set that for automatic updates with the free version. Should I plan to do that manually? daily? weekly? Is there anything else I should check?


Run SuperAntiSpyware weekly...

Also, you might want to use a faster browser, this will help.. Try Firefox at:

http://www.mozilla.com/en-US/


----------



## dhanubaba (Jan 18, 2009)

Windows XP with 384 MB of RAM means the PC will surely slow down. If you install Norton as well, it uses a huge amount of memory, so that would be the reason. Add new memory to the PC, even up to 512, and install a virus guard that never eats memory. Examples: Kaspersky, BitDefender, McAfee, Symantec, etc.


----------



## shopgurl (Nov 27, 2008)

Hi Kenny94 and everyone else that gave their advice,

Just wanted to say thank you very much!

Shopgurl


----------

