Solved: Exhausted, Poor, and Need to Speed Up Slow PC

[Niobe]

Hello!

Have spent (wasted?) better part of the last 5 days (not counting days previous to this current round of troubleshooting) trying to save my PC and sanity. Have limited funds; need free fix.

Running XP, 64-bit. Deleted unused, unwanted folders/files, uninstalled bad programs, cleaned system w/CCleaner, have MalwareBytes Pro & MSSE for protection. Believe have pared down startup programs to minimum so don't have to mess with starting programs like iTunes (as far as I can tell, am only running 5 programs at startup). Added external hard drive last summer. At first it did the trick; now, worse than ever (I installed & used it w/o knowing enough about it). Sometimes PC runs like bunny & I get so hopeful! Then, it runs like molasses, and "tech rage" soars again. Though am largely self-taught, I suspect that something is running in background that doesn't need to be. I can't find it, though. Have checked Task Manager, but am not knowledgeable as to what all those things are unless has name of program. In addition, when updating/downloading/uninstalling/deleting program, I discover that some app or program like MalwareBytes, MSSE, Games (i.e., solitaire, freecell that comes already installed w/PC), will drop off desktop at unpredictable times. Doesn't happen every time.

So, I study the forums faithfully, and am hoping I have understood directions for submitting Hijack This info. I need this PC for my job. And, after coming so far down the rabbit hole with her, I'm rather attached to her. Please help!!

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:17 AM, on 12/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
F:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.egihosting.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119564857029
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5720 bytes

P.S. I do best when directions are given in steps. Also, tech terms and acronyms increase every week. Some I know, and some I don't. I don't want to drive anyone crazy who is kind enough to spend time helping me by asking "What does that mean?" all the time, so please educate me and spell out/explain terms.

I thank you, kind stranger(s), in advance, and trudge off to bed w/visions of a speedier PC in my head.

;o) Niobe

 

[Elvandil]

Deleting files, folders, and programs will make absolutely no difference in your system's speed.

I have found that all the Apple software running in the background slows many machines I have worked on (Bonjour, MobileDevice, iPod).

Having more than one real-time antimalware program can lead to slowdowns and conflicts (and even missed infections). They generally try to scan when a file is opened and fight over who gets it first (sometimes). Pick a good one and use others just for scanning.

Check Task Manager for what process has high CPU use. Also, enable the CPU Time column. That tells you how much virtual CPU clock cycles were used by a process, so it basically tells you how much the CPU was devoted to a process when you weren't watching the Task Manager.

 

[flavallee]

Let's get a better idea of what's installed in that computer.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-----------------------------------------------------------------

Start HiJackThis and click "Do a system scan only".

When the scan is finished, put a checkmark in:

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/gho...l/ghostery.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab

then click "Fix Checked - Yes".

Close HiJackThis.

------------------------------------------------------------------

Why is Malwarebytes in F:\ instead of C:\?

------------------------------------------------------------------

 

[Niobe]

Elvandil,

I so appreciate your reply! I was just now able to see if anyone replied after waiting 45 minutes for my PC to clear, and am now bleary-eyed. I will get to this tomorrow morning.

Thank you!

;o) Niobe

 

[Niobe]

Flavallee,

Quite an adventure since I posted to Elvandil. I gave your & Elvandil's suggestions a shot, even though bleary-eyed. Got the uninstall list done, then CPU usage went to 100%, mouse froze (just hour glass, no action). got mad and so . . . looks like I'm headed into the early morning hours here. I'm using my netbook now since the hourglass/mouse is still stuck on my reply to you using the PC

Malwarebytes is in F:\ because in my ignorance was trying to save space on C:\. Should I uninstall it and reinstall it to C:\ ?

Here is the Hijack This uninstall report you requested:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
HP Product Detection
iDumpPod2iTunes
iDumpPod2iTunes
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 13.3.46.0
iTunes
Java(TM) 6 Update 22
KhalSetup
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Recuva
Revo Uninstaller 1.90
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923789)
Smart Defrag
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
WebEx Support Manager for Internet Explorer
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WOT for Internet Explorer

I can't do anything more with Hijact This until the PC "unspools" or whatever it needs to do. The mouse works on the bottom toolbar, but just shows hourglass everywhere else. I'm scared to give the PC anything else to do. BTW, I while checking Task Manager, sychost.exe showed up about 4 times. While I was waiting & hoping PC would unwind, I handcopied what I saw & didn't know. Here's what showed up: (they're all .exe)

sol
mbamgui
jqs
WINWORD
mDNSResponder
alg
dpupdchk
spoolsv
sychost
MsMpEng
lsass
csrss
smss
nsvc.32
mdm

I doubt that you or Elvandil are online here right now, but will hang around a little while, then check back tomorrow morning.

Also, thank you so much for taking the time and making the effort to help me. I truly appreciate it a great deal!

;o) Niobe

 

[Niobe]

Okay, am back, Flavallee. Took chance & used task manager to end previous forum session reply to you.

I finished the 2nd half of your suggestion re running Hijack This with the system scan only & checking those boxes. My goodness! Things are speedy & tight. But . . . this has happened before. How do I know it will stay this way? And, even more important, how did what I did with Hijack This make such a difference?

Also--Here's some more FYI about my PC: I'd like to get Firefox back. I deleted it because it seemed to be causing problems. I like to run Ghostery on it to prevent being tracked. Does this sound okay?

I will check back tomorrow and see if there's anything more from you.

THANK YOU, Flavallee!

;o) Niobe

 

[flavallee]

Malwarebytes is in F:\ because in my ignorance was trying to save space on C:\. Should I uninstall it and reinstall it to C:\ ?

What is utilizing D:\ and E:\?

Do you have that hard drive set up in multiple partitions?

-------------------------------------------------------------------

Go to Start - Run - MSCONFIG - OK - Startup(tab).

Write down the names of the entries that still have a checkmark in the "Startup Item" column.

Submit those names here - without typos.

-------------------------------------------------------------------

You don't be any chance have a bunch of services unchecked in Start - Run - MSCONFIG - OK - Services(tab), do you?

--------------------------------------------------------------------

 

[Niobe]

Thank goodness you are there!

Here's what I got:

ipoint
msseces
NvCpl
mbamgui
qttask
iTuneshelper
and 2 lines of many of this symbol 5 with a little tiny light bulb looking symbol in the middle of the string.

No, there is nothing unchecked in the MSCONFIG window.

My PC is continuing to run much better, but I've had a couple episodes of the slowdown. I'm trying not to run too many (more than 4) things at once.

 

[flavallee]

Go into Start - Run - MSCONFIG - OK - Startup(tab).

Remove the checkmark in the startup entries that I've highlighted in bold text.

ipoint

msseces

NvCpl

mbamgui

qttask

iTuneshelper

and 2 lines of many of this symbol 5 with a little tiny light bulb looking symbol in the middle of the string

After you're done, click Apply - OK/Close - Exit Without Restart.

Go into Start - Run - SERVICES.MSC - OK.

Double-click the below entries one at a time to open their properties window.

Java Quick Starter

NVIDIA Display Driver Service

Change the "startup type" to Manual, then click Apply - OK.

After you're done, restart the computer.

When the small System Configuration Utility window appears during restart, ignore its message.

Put a checkmark in that window, then click OK.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log, then submit it here.

----------------------------------------------------------------

 

[Niobe]

Flavallee,

Here 'tis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:27 PM, on 12/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=?
F3 - REG:win.ini: run=?
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.egihosting.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119564857029
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5270 bytes


BTW, the PC has been running like a champ all day, but after changing the startups to manual, is now slow again. Also, I downloaded Firefox to external using the Firefox Portable. Seems to be working, and thought you ought to know about this change.

How is what you're having me do helping my PC? I want to learn so I can deal better & more independently.

Thanks again for your simple, effective effective and your valuable time!

;o) Niobe

 

[flavallee]

These log entries

F3 - REG:win.ini: load=?

F3 - REG:win.ini: run=?

were not in your previous log and shouldn't be there.

I've requested a gold shield malware expert look at your log.

----------------------------------------------------

These startup entries

AdobeARM

Reader_sl

are auto-loading and running in the background again, so they need to be unchecked.

----------------------------------------------------

 

[Niobe]

Flavallee,

Have unchecked the 2 you listed. Will wait to hear about the possible malware issue. I won't download any more programs of any kind until I hear from you. Will check back later today or this evening.

Thanks again. Really!

;o) Niobe

 

[flavallee]

Let's see an updated uninstall list.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------------

 

[Niobe]

Flavallee,

Hope you are there. When I restarted, here's what came up. (Have not done anything since last post but restart.)

1st Pop-up/dialog: Windows can't find (showed 2 squares from the startup list that were in the bottom 2 rows). Make sure typed correctly, try again. To search for file, check Start and click Search. (I clicked ok)

2nd Pop-up/: could not load, run (showed those 2 square again) specified in registry. Make sure file exists on computer or remove reference to it in registry. (I clicked ok)

3rd: same as above, I clicked ok.

On 1st 2, after ok, got that one-note sudden chord sound. After 3rd & ok, got the 2-note little bell sound. Don't know if this is important, but wanted to include everything.

Then I got another popup/dialog: System Configuration Utility saying: is currently in diagnostic or selective startup mode causing message to display & utility to run every time Windows starts. Choose Normal Startup mode in General tab to start Windows & undo changes using system configure utility. (I clicked ok)

Then got the sysconfig utility. (I clicked cancel)

What's up now?

 

[flavallee]

Recheck those 2 weird-looking startup entries, then click Apply - OK/Close - Restart.

When the System Configuration Utility window appears during restart, put a checkmark in that window, then click OK to close it. If you don't put a checkmark in that window, it'll appear every time you start your computer.

It's supposed to be in "Selective Startup" mode. Don't change it to "Normal Startup" mode. If you do, it'll recheck the ENTIRE startup list.

---------------------------------------------------------------