# Slow computer



## PeteJones (Oct 3, 2011)

Hello. I have been having trouble with my computer seeming to gradually get slower for some time. However, this weekend it became VERY slow to the point where videos became practically unwatchable due to slow buffering and the browser struggled opening pages that have no videos or pictures, taking over 5 minutes to do so. After clearing the cache and temp files, running an MBAM scan and de-fragging, some of the slowness was alleviated, but it is still much worse than it was a few days ago.

Also, this computer seems to have trouble installing the Microsoft Updates, as every time I shut down I tell it to install the updates but it seemingly never actually updates as each time i log on it says the same updates are ready to install. I have been having this problem for some months now.

Down to business:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:22 AM, on 10/3/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CA Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll umxsbxexw.dll 
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\Windows\System32\mdmcls32.exe

--
End of file - 7478 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Ryan at 10:58:08 on 2011-10-03
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.1919.684 [GMT -5:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\mdmcls32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\RtHDVCpl.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2191638E-8B70-4175-B316-EF3EA1098A5F} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll umxsbxexw.dll 
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\8w46t0qt.default\
FF - prefs.js: browser.startup.homepage - hxxp://na.leagueoflegends.com/board/forumdisplay.php?f=2|http://www.google.com/#sclient=psy&...gc.r_pw.&fp=5d668ca344cc751b&biw=1440&bih=807
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-7-28 107088]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-7-29 63056]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2011-7-28 66128]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-5-17 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-5-17 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-5-17 206160]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-8-18 20328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-6 21504]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-7-29 152656]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-7-29 82000]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366152]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2011-5-17 3207184]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-03 13:45:59 -------- d-----w- c:\users\ryan\appdata\local\PackageAware
2011-09-15 23:24:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-09-06 21:47:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 17:29:36 1744912 ----a-w- c:\windows\system32\winsflt.dll
2011-08-24 17:22:17 1422672 ----a-w- c:\windows\system32\cfgmig32.dll
2011-08-24 17:21:59 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-08-24 17:21:59 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-07-29 15:40:08 152656 ----a-w- c:\windows\system32\drivers\KmxCF.sys
2011-07-29 15:39:28 83536 ----a-w- c:\windows\system32\drivers\KmxAgent.sys
2011-07-29 15:39:28 82000 ----a-w- c:\windows\system32\drivers\KmxSbx.sys
2011-07-29 15:39:28 63056 ----a-w- c:\windows\system32\drivers\KmxFile.sys
2011-07-29 15:39:28 331344 ----a-w- c:\windows\system32\drivers\KmxCfg.sys
2011-07-29 15:39:28 164944 ----a-w- c:\windows\system32\drivers\KmxAMRT.sys
2011-07-28 16:17:30 66128 ----a-w- c:\windows\system32\drivers\KmxFilter.sys
2011-07-28 16:17:30 107088 ----a-w- c:\windows\system32\drivers\KmxFw.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 11:00:19.96 ===============

Any help that you wise Tech Support Guys could give me would be very much appreciated.


----------



## flavallee (May 12, 2002)

I suggest you get rid of that system-hungry and problematic *CA Internet Security Suite* and then replace it with *Microsoft Security Essentials 2.1.1116.0* - which is much lighter on system resources and does a very good job and is very user-friendly and is well recommended in these forums.

--------------------------------------------------------

I also suggest that you uncheck *Windows Defender* in the startup list and then disable it in the services list.

It does a crappy job and isn't needed and consumes system resources.

--------------------------------------------------------

Most of the startup entries in Start - Run - MSCONFIG - OK - "Startup" tab can be unchecked.

--------------------------------------------------------

It appears that you had Norton installed at one time.

If you did, you need to download and run the *Norton Removal Tool* so it can get rid of its leftover file and registry debris.

--------------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Thank you for the prompt response, Flavallee.

I did everything you told me to, but I'm still having much the same problems.

I stopped Windows Defender service and unchecked the startup box then uninstalled CA Internet Security Suite and then restarted the computer.

I then installed Microsoft Security Essentials and ran the Norton Removal Tool and rebooted again. This time Windows installed updates upon shutdown, and it actually seemed to work for once. MBAM was also able to update its definitions, which it was always unable to do before.

Unfortunately, this success in updating did not occur with Microsoft Security Essentials, which repeatedly gets to 25-40% when I try to update before informing me that it can not update because it can't detect an internet connection. [*EDIT: I just tried to update it again and for some reason it was successful this time. I;m not sure why it worked this time around, as I did nothing different from before.*] I have a similar problem with Windows Update, for every time I check for updates, it checks for several minutes, then tells me that "An error occurred while checking for new updates for your computer" and in addition gives me the error "Code 80072EFD Windows Update encountered an unknown error." [*EDIT: Windows Update is still having the same problem. That hasn't changed.* *I'm going to try it one more time.*] [*EDIT2: Encountered the same problem again.*]

In addition to all of this, my internet is still fairly slow, though loading speed is much faster for everything but videos. Those still buffer painfully slow.

I appreciate your help thus far and hope that you are able to further assist me with this problem.


----------



## flavallee (May 12, 2002)

I'll help you as much as I can.

Do the following in the order listed.

-------------------------------------------------------

Click Start - Run, then type in

*%temp%*

then click OK.

Click Start - Run, then type in

*c:\windows\temp*

then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

After you're done, restart the computer.

-------------------------------------------------------

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-------------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Once again, thank you for your help. Here is the requested list:

32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
ArcSoft MediaImpression
Auslogics Disk Defrag
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
CPUID CPU-Z 1.55
Digital Media Reader
eMachines Connect
eMachines Games
eMachines Recovery Center Installer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 3.5
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
iSEEK AnswerWorks English Runtime
Java(TM) 6 Update 26
League of Legends
LSI PCI-SV92PP Soft Modem
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Microsoft WSE 3.0 Runtime
mIRC
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA Graphics Driver 267.24
Pando Media Booster
Power Tab Editor 1.7
Power2Go 5.0
PRS-500 USB driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shape Collage
Snap 'n Share 
Software Informer 1.0 BETA
Spelling Dictionaries Support For Adobe Reader 8
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)


----------



## flavallee (May 12, 2002)

It'll take me several minutes to review your list and reply back to you.

Did you have any trouble with deleting the contents of those 2 temp folders?

Was there a large buildup of files inside either of them?

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Go to Control Panel - Add Or Remove programs.
Make sure that "Show Updates" is NOT checked.
Make sure that "Sort By - Name" is selected.

*Adobe AIR* isn't needed and can be uninstalled.

*Adobe Flash Player 10 ActiveX* needs to be updated to version *11.0.1.152*

*Adobe Flash Player 10 Plugin* needs to be updated to version *11.0.1.152*

*Adobe Reader 9.4.6* needs to be updated to version *10.1.1*

*Adobe Shockwave Player 11.5* needs to be updated to version *11.6.1.629*

*HiJackThis 2.0.2* needs to be updated to version *2.0.4*

*Java(TM) 6 Update 26* needs to be updated to version *1.6.0.27*

Note: Click the green icon with the white arrow at each site to download them.

*SUPERAntiSpyware Free Edition 5.0.0.1128* should be downloaded and installed so it can work with *Malwarebytes Anti-Malware 1.51.2.1300*(which you already have installed) in combating "nasties" in your computer.

Note: All the Adobe-related ones and Java will overwrite and replace the old version, so there's NO need to uninstall them first. 
You will need to uninstall the old version of HiJackThis because the new version won't overwrite it.

----------------------------------------------------

After the above is done and the computer restarted, start HiJackThis and click "Do a system scan and save a log file".
Save the new log that appears, then submit it here.

----------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Wow, that updating helped a LOT. The computer has sped up a lot and I can actually watch videos now.  Windows Update was finally able to check for updates and it found 22 important updates, which should hopefully help. I always suspected that it was the CA Internet Security Suite blocking programs from updating correctly, and so I thank you for advising me to remove it. :up:

On that note, CA Personal Firewall still appears on my program list, but when I try to uninstall it I get a pop-up saying "The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'CA Personal Firewall' disk and click OK.'" However, I did not install CA from a disk, my ISP provided it for free with internet service and I downloaded it from them. Anyway that you know of that I might be able to remove it anyway?

Here is the requested log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:28:39 PM, on 10/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll umxsbxexw.dll 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6265 bytes


----------



## flavallee (May 12, 2002)

After all the uninstalling and updating and restarting that you've done, the temp folders probably need to have their contents deleted again, so do it - per post #4.

----------------------------------------------------------

Go into the *C:\Program Files* folder.

If the *CA* folder is still present, delete it.

Hopefully, it won't resist being deleted.

----------------------------------------------------------

Go to Start - Run - MSCONFIG - OK - "Startup" tab.

Uncheck these startup entries:

*RtHDVCpl*

*GrooveMonitor*

*ArcSoft Connection Service* - or - *ACDaemon*

*SunJavaUpdateSched* - or - *jusched* - or - *Java(TM) - -*

*Adobe ARM*

*WMPNSCFG*

*SUPERAntiSpyware*

After you're done, click Apply - OK/Close - Exit Without Restart.

Go to Start - Run - SERVICES.MSC - OK.

Double-click these service entries, one at a time, to open their properties window:

*ArcSoft Connect Daemon

Adobe Acrobat Update Service

Agere Modem Call Progress Audio

GameConsoleService

getPlus Helper

NVIDIA Driver Helper Service*

Change the "startup type" to Manual(if its set on Automatic), then click Apply - OK.

After you're done, close the window and then restart the computer.

--------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

--------------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Thank you for the fast reply. The CA folder is not present in C:\Program Files. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:02:20 PM, on 10/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll umxsbxexw.dll 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5458 bytes


----------



## flavallee (May 12, 2002)

Let's put Malwarebytes Anti-Malware and SUPERAntiSpyware to work next.

Don't use your computer while the scans are in progress.

Make sure to select the "quick" scan and not the "full/complete" scan because it'll take much longer and isn't needed in most cases.

-------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------

Start SUPERAntiSpyware.

Click "Check for Updates".

When the definition files have updated, click "Close".

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Here are the logs. 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7881

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/5/2011 4:38:13 PM
mbam-log-2011-10-05 (16-38-13).txt

Scan type: Quick scan
Objects scanned: 221388
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2011 at 04:57 PM

Application Version : 5.0.1128

Core Rules Database Version : 7761
Trace Rules Database Version: 5573

Scan type : Quick Scan
Total Scan Time : 00:03:33

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 30155
Registry threats detected : 0
File items scanned : 6945
File threats detected : 61

Adware.Tracking Cookie
C:\USERS\KAYLEE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJ4R2AU2.txt [ Cookie:[email protected]/ ]
C:\USERS\KAYLEE\AppData\Roaming\Microsoft\Windows\Cookies\Low\29VTIO3O.txt [ Cookie:[email protected]/ ]
C:\USERS\KAYLEE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt [ Cookie:[email protected]/ ]
C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\M3222IM1.txt [ Cookie:[email protected]/ ]
C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt [ Cookie:[email protected]/accounts/ ]
C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHN0IVEA.txt [ Cookie:[email protected]/ ]
C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IMSYJBP7.txt [ Cookie:[email protected]/ ]
C:\USERS\STEPHANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BKI7A6K9.txt [ Cookie:[email protected]/ ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
us.adserver.yahoo.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8W46T0QT.DEFAULT\COOKIES.SQLITE ]


----------



## flavallee (May 12, 2002)

The MBAM scan came up clean and the SAS scan found only adware tracking cookies, so that's good. :up: Did you select and remove them all?

It looks like there's at least 4 users for that computer. If that's the case, running a quick scan weekly might be a good idea. Just don't forget to update the definition files before running a scan.

Unless you have anything that you'd like to address about that computer, I think we're done.

---------------------------------------------------------


----------



## PeteJones (Oct 3, 2011)

Yes, I removed them all. I will stay on top of those scans and try to keep this machine in the great shape you've got it to. I can't believe how much better it's running, it hasn't ran this fast and smooth since the first few months after we got it. Thank you very much for all of your help. I really can't believe that I was able to get such great service completely free. Again, thank you and have a great life, Flavallee.


----------



## flavallee (May 12, 2002)

I'm glad you're happy with the end results. 

You're very welcome. 

We're here if you need us again. :up:

You can mark your thread solved in the upper left of the page.

----------------------------------------------------


----------

