[guille_ba]

Hi,
My PC run on Windows XP but it becaming slower day by day , Norton has detected 3 menace files but in spite I choose "delete files", they still existing.
Anybody can help me?
Thanks.


The Norton activity log says:
Fuente: C:\WINDOWS\system\svchost.exe
Descripción: El archivo C:\WINDOWS\system\svchost.exe es una amenaza Software espía.
Haga clic aquí para obtener más información acerca de esta amenaza : Spyware.HandyKeylogger

Fuente: C:\WINDOWS\system32\HLib32.dll
Descripción: El archivo C:\WINDOWS\system32\HLib32.dll es una amenaza Software espía.
Haga clic aquí para obtener más información acerca de esta amenaza : Spyware.HandyKeylogger

Fuente: explorer.exe
Descripción: El archivo comprimido explorer.exe incluido en C:\explorer.cab es una amenaza Marcador.
Haga clic aquí para obtener más información acerca de esta amenaza : Download.Dialer

The HijackThis log says:
Logfile of HijackThis v1.98.2
Scan saved at 10:16:39 a.m., on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\Archivos de programa\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\PREVX\Prevx Home\SAGUI.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Outlook Express\msimn.exe
C:\WINDOWS\system32\notepad.exe
E:\INSTALAC\HijackThis\Appl\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Barra de herramientas de MSN*Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barra de herramientas de MSN*Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServMariano.exe"
O4 - HKLM\..\Run: [PrevxHome] C:\Archivos de programa\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MSN Search - res://C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll/search.htm
O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://C:\Archivos de programa\MSN Toolbar Suite\TAB\02.05.0001.1119\es-es\msntabres.dll/229?a7fde78d50ae45cc9d5573236debb279
O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://C:\Archivos de programa\MSN Toolbar Suite\TAB\02.05.0001.1119\es-es\msntabres.dll/230?a7fde78d50ae45cc9d5573236debb279
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ameritradeevents.webex.com/c...nt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17693037-1669-4CB4-9DED-6C7BE2B91C6B}: NameServer = 200.45.191.35 200.45.191.40
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

[flavallee]

Trim down the startup list. Other than entries for an antivirus program and third-party firewall program, very few other programs need to automatically load and run.

-------------------------------------------------------------------------------------

Install and update and run a scan with

Ad-Aware SE Personal 1.06
Spybot - Search & Destroy 1.4

at least once a week to get rid of the buildup of spyware, adware, and other "nasties". You can download them from the "spyware tools" section at www.majorgeeks.com

-------------------------------------------------------------------------------------

Delete everything inside of the

C:\TEMP
C:\WINDOWS\TEMP
C:\DOCUMENTS AND SETTINGS\(USERNAME)\LOCAL SETTINGS\TEMP

folders at least once a week to get rid of the buildup of temp files.

--------------------------------------------------------------------------------------

[guille_ba]

>Sorry, I don't know the meaning of "to trim down the startup list", do I have to boot in safe mode? or I have to delete some part of the "system.ini", "win.ini", "system services" or "startup elements".

[guille_ba]

do I have to uninstall the NAV2005 and the PrevX too definitively? Thanks.

[flavallee]

I just realized that you're using an old version(1.98.2) of HijackThis.

Download HijackThis 1.99.1 from this link:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Save the "HJTsetup.exe" file to your desktop or whereever you want to save it.

Close all open browser windows.

Double-click on the "HJTsetup.exe" file that you just downloaded and saved.

Allow it to install to C:\Program Files\HijackThis.

Continue to click "Next" in the setup dialog boxes until you get to the "Select Additional Tasks" dialog.

Put a checkmark by "Create a desktop icon", then click the "Next" button.

Continue to follow the rest of the prompts from there.

At the final dialog box, click "Finish". That will start the HijackThis program. If the program doesn't start on its own, just double-click its desktop icon.

Click on the "Do a system scan and save a log file" button. HijackThis will scan your system and then ask you to save the log.

Click "Save" to save the log file. The log will open in Notepad.

Click "Format - Word Wrap" and make sure there is a checkmark next to "Word Wrap". This allows the text to be viewed properly without having to scroll back and forth.

Click "Edit - Select All", then click "Edit - Copy". Do not close Notepad yet. Just minimize it and get it out of the way.

Come back to your thread and open a new reply window, then click "Edit - Paste". The log will then appear in the reply window. You can add any comments above or below the log, if you wish.

-------------------------------------------------------------------------------------

Click Start - Run, type in MSCONFIG and then click OK - "Startup" tab.

Each entry listed there with a checkmark next to it is loading during startup and running in the background. By removing the checkmark from unnecessary entries, clicking Apply - OK and then rebooting, it prevents these entries from loading and running.

This site will assist you in deciding which entries to uncheck and disable.

------------------------------------------------------------------------------------

[guille_ba]

Hi Flavallee, thank for your patient.

Yesterday, I used the msconfig and I unchecked every item on the startup tab except 3 programs: sagui(prevx), cftmon and ramasst. I was using the PC with the rest of the items unchecked, norton included, because one of the suspicious keyloggers was a Symantec file. From that list, I can recognize some software that I intentionally installed, but there are others that I don't recognize so and I don't know how to realize if the file should be checked or unchecked. Than you again.

Here is the log of the HijackThis v1.99.1:Logfile of HijackThis v1.99.1
Scan saved at 11:08:41 a.m., on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Barra de herramientas de MSN*Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barra de herramientas de MSN*Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll
O4 - HKLM\..\Run: [PrevxHome] C:\Archivos de programa\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MSN Search - res://C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll/search.htm
O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://C:\Archivos de programa\MSN Toolbar Suite\TAB\02.05.0001.1119\es-es\msntabres.dll/229?a7fde78d50ae45cc9d5573236debb279
O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://C:\Archivos de programa\MSN Toolbar Suite\TAB\02.05.0001.1119\es-es\msntabres.dll/230?a7fde78d50ae45cc9d5573236debb279
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17693037-1669-4CB4-9DED-6C7BE2B91C6B}: NameServer = 200.45.191.35 200.45.191.40
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Archivos de programa\PREVX\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe

[guille_ba]

I almost forget it: before I unchecked the items on the startup tab, the "ccapp" application (by symantec) was used between 93 and 99% of the CPU resources most f the time at the task manager.

[flavallee]

You shouldn't be using your computer on-line with no antivirus program running in the background. Either reactivate Symantec Norton or uninstall it and replace it with Grisoft AVG Free Edition 7.1. You can download and install it from here.

-------------------------------------------------------------------------------------

[guille_ba]

Hi Flavallee, I had some troubles downloading the AVG but now it's installed, updated & running. There were three files infected, two of them vaulted (trojan horse PSW, generic, RJT in "c:windows\system32\hlib32.dll" and in "c:\system volume information\_restore...\A0002415.dll") and the other one healted. NAV2005 is completely uninstalled. The startup list stills with some items unchecked, remember that I can't recognize some of them, so I don't know how to realize if the file should be checked or unchecked.
Do I have to execute the HijackThis this way? or I should check every item before make it run. And another question: How should I do to make some of this items disappear from the startup list instead of uncheck them. Thank you.

[flavallee]

Go back into the "Startup" tab and write down the entire list in the leftmost column under "Startup Item". Post them here in a vertical column just like you see them, and make sure to spell them correctly. Make note of which ones have a checkmark and which ones don't. I'll review the list and then advise you which ones to leave checked or unchecked.

-------------------------------------------------------------------------------------

If you've uninstalled Symantec Norton, do the following:

1. Check the Add/Remove Programs list and make sure that any entries with

Symantec
Norton
LiveUpdate

are gone. If not, uninstall them.

2. Go into the C:\Program Files folder and delete any leftover folders with the same names.

3. Click Start - Run, type in REGEDIT and then click OK. Click the + in

HKEY_CURRENT_USER
Software

HKEY_LOCAL_MACHINE
Software

In the "Software" sub-menu of both, look for any leftover

Symantec
Norton

entries. If they're still there, right-click directly on them and then click Delete - Yes.

4. Reboot afterwards.

-------------------------------------------------------------------------------------

[guille_ba]

ok, here is the list of the "Startup items"

SAGUI (checkmarked, located in PrevX folder)
BSCLIP (checkmarked, came with the DVD writer software)
avgcc (checkmarked, I believe it came with the AVG antivirus)
cftmon (checkmarked, located in c:\windows\system32)
RAMASST (checkmarked, located in c:\windows\system32)
ccApp (not checkmarked, located in symantec shared files folder. This process was using more than 93% of CPU resources before I unchekmarked)
dumprep 0 -k (not checkmarked, I have no idea where it came from)
mm_tray (not checkmarked, located in musicmatch jukebox folder)
pctspk (not checkmarked, I have no idea where it came from)
qqtask (not checkmarkedlocated in quicktime folder)
PDVDServMariano (not checkmarked, located in Power DVD software folder but I untrust of the ending part of the file name "mariano", like if it was changed)
SNDMon (not checkmarked, located in SymNetDrv folder, ¿symantec?)
winlogons (not checkmarked, located in programfiles\Free KGB Keylogger folder, I dont know where it came from)
Búsqueda en el escritorio de Windows (not checkmarked, this is the name of the first column, "search in Windows Desktop")
Microsoft Office (not checkmarked, the command is "C:\Archivos de programa\Microsoft Office\Office\osa9.exe -b -l")

1. there were no norton/symantec/liveupdate software in add/remove programs.
2. "Norton Antivirus", "Symantec" and "SymNetDrv" folders deleted.
3. done.
4. done

[flavallee]

Remove the checkmark from:

BSCLIP Read here.
If you use it, keep it checked.

To explain what pctspk is, read here.
You no longer need it anyway, since you got rid of Symantec Norton.

avgcc is associated with AVG antivirus, so leave it checked.

------------------------------------------------------------------------------------

[guille_ba]

Hi Flavallee, everything is done. Thank you for help. Every thing you said to me is done.
But, every time I boot the PC, the msconfig window appears saying to me that there are services and startup item unmarked.

At the services tab, the only item unmarked is:
"MS Software Generic Host Process for Win32 Services" (owner unknown, it isn't Microsoft Corporation)

and at the startup tab, there are a lot of items unmarked. I don't know if I should take the unmarked items of the startup list and I don't know how to do it.

[flavallee]

Sorry. I forgot to tell you that the SCU window would appear during reboot after you make any changes to the startup list. Ignore the message, place a checkmark in it, then click OK. it will no longer appear.

Do not place a checkmark back in the startup entries that are currently unchecked. You don't want startup entries running in the background that don't need to be doing that.

--------------------------------------------------------------------------------------

[guille_ba]

ok, thank you very much.