1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Exhausted, Poor, and Need to Speed Up Slow PC

Discussion in 'Windows XP' started by Niobe, Dec 19, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Hello!

    Have spent (wasted?) better part of the last 5 days (not counting days previous to this current round of troubleshooting) trying to save my PC and sanity. Have limited funds; need free fix.

    Running XP, 64-bit. Deleted unused, unwanted folders/files, uninstalled bad programs, cleaned system w/CCleaner, have MalwareBytes Pro & MSSE for protection. Believe have pared down startup programs to minimum so don't have to mess with starting programs like iTunes (as far as I can tell, am only running 5 programs at startup). Added external hard drive last summer. At first it did the trick; now, worse than ever (I installed & used it w/o knowing enough about it). Sometimes PC runs like bunny & I get so hopeful! Then, it runs like molasses, and "tech rage" soars again. Though am largely self-taught, I suspect that something is running in background that doesn't need to be. I can't find it, though. Have checked Task Manager, but am not knowledgeable as to what all those things are unless has name of program. In addition, when updating/downloading/uninstalling/deleting program, I discover that some app or program like MalwareBytes, MSSE, Games (i.e., solitaire, freecell that comes already installed w/PC), will drop off desktop at unpredictable times. Doesn't happen every time.

    So, I study the forums faithfully, and am hoping I have understood directions for submitting Hijack This info. I need this PC for my job. And, after coming so far down the rabbit hole with her, I'm rather attached to her. Please help!!

    Here is the Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:52:17 AM, on 12/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    F:\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    F:\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\sol.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.egihosting.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119564857029
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    --
    End of file - 5720 bytes

    P.S. I do best when directions are given in steps. Also, tech terms and acronyms increase every week. Some I know, and some I don't. I don't want to drive anyone crazy who is kind enough to spend time helping me by asking "What does that mean?" all the time, so please educate me and spell out/explain terms.

    I thank you, kind stranger(s), in advance, and trudge off to bed w/visions of a speedier PC in my head.

    ;o) Niobe
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Deleting files, folders, and programs will make absolutely no difference in your system's speed.

    I have found that all the Apple software running in the background slows many machines I have worked on (Bonjour, MobileDevice, iPod).

    Having more than one real-time antimalware program can lead to slowdowns and conflicts (and even missed infections). They generally try to scan when a file is opened and fight over who gets it first (sometimes). Pick a good one and use others just for scanning.

    Check Task Manager for what process has high CPU use. Also, enable the CPU Time column. That tells you how much virtual CPU clock cycles were used by a process, so it basically tells you how much the CPU was devoted to a process when you weren't watching the Task Manager.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    Let's get a better idea of what's installed in that computer.

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    -----------------------------------------------------------------

    Start HiJackThis and click "Do a system scan only".

    When the scan is finished, put a checkmark in:

    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/gho...l/ghostery.cab

    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab


    then click "Fix Checked - Yes".

    Close HiJackThis.

    ------------------------------------------------------------------

    Why is Malwarebytes in F:\ instead of C:\?

    ------------------------------------------------------------------
     
  4. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Elvandil,

    I so appreciate your reply! I was just now able to see if anyone replied after waiting 45 minutes for my PC to clear, and am now bleary-eyed. I will get to this tomorrow morning.

    Thank you!

    ;o) Niobe
     
  5. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Flavallee,

    Quite an adventure since I posted to Elvandil. I gave your & Elvandil's suggestions a shot, even though bleary-eyed. Got the uninstall list done, then CPU usage went to 100%, mouse froze (just hour glass, no action). got mad and so . . . looks like I'm headed into the early morning hours here. I'm using my netbook now since the hourglass/mouse is still stuck on my reply to you using the PC

    Malwarebytes is in F:\ because in my ignorance was trying to save space on C:\. Should I uninstall it and reinstall it to C:\ ?

    Here is the Hijack This uninstall report you requested:

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2443685)
    HP Product Detection
    iDumpPod2iTunes
    iDumpPod2iTunes
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) Network Connections 13.3.46.0
    iTunes
    Java(TM) 6 Update 22
    KhalSetup
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Security Essentials
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    QuickTime
    Recuva
    Revo Uninstaller 1.90
    SeaTools for Windows
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923789)
    Smart Defrag
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2467659)
    WebEx Support Manager for Internet Explorer
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WOT for Internet Explorer

    I can't do anything more with Hijact This until the PC "unspools" or whatever it needs to do. The mouse works on the bottom toolbar, but just shows hourglass everywhere else. I'm scared to give the PC anything else to do. BTW, I while checking Task Manager, sychost.exe showed up about 4 times. While I was waiting & hoping PC would unwind, I handcopied what I saw & didn't know. Here's what showed up: (they're all .exe)

    sol
    mbamgui
    jqs
    WINWORD
    mDNSResponder
    alg
    dpupdchk
    spoolsv
    sychost
    MsMpEng
    lsass
    csrss
    smss
    nsvc.32
    mdm

    I doubt that you or Elvandil are online here right now, but will hang around a little while, then check back tomorrow morning.

    Also, thank you so much for taking the time and making the effort to help me. I truly appreciate it a great deal!

    ;o) Niobe
     
  6. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Okay, am back, Flavallee. Took chance & used task manager to end previous forum session reply to you.

    I finished the 2nd half of your suggestion re running Hijack This with the system scan only & checking those boxes. My goodness! Things are speedy & tight. But . . . this has happened before. How do I know it will stay this way? And, even more important, how did what I did with Hijack This make such a difference?

    Also--Here's some more FYI about my PC: I'd like to get Firefox back. I deleted it because it seemed to be causing problems. I like to run Ghostery on it to prevent being tracked. Does this sound okay?

    I will check back tomorrow and see if there's anything more from you.

    THANK YOU, Flavallee!

    ;o) Niobe
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    What is utilizing D:\ and E:\?

    Do you have that hard drive set up in multiple partitions?

    -------------------------------------------------------------------

    Go to Start - Run - MSCONFIG - OK - Startup(tab).

    Write down the names of the entries that still have a checkmark in the "Startup Item" column.

    Submit those names here - without typos.

    -------------------------------------------------------------------

    You don't be any chance have a bunch of services unchecked in Start - Run - MSCONFIG - OK - Services(tab), do you?

    --------------------------------------------------------------------
     
  8. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Thank goodness you are there!

    Here's what I got:

    ipoint
    msseces
    NvCpl
    mbamgui
    qttask
    iTuneshelper
    and 2 lines of many of this symbol 5 with a little tiny light bulb looking symbol in the middle of the string.

    No, there is nothing unchecked in the MSCONFIG window.

    My PC is continuing to run much better, but I've had a couple episodes of the slowdown. I'm trying not to run too many (more than 4) things at once.
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    Go into Start - Run - MSCONFIG - OK - Startup(tab).

    Remove the checkmark in the startup entries that I've highlighted in bold text.

    ipoint

    msseces

    NvCpl

    mbamgui

    qttask

    iTuneshelper

    and 2 lines of many of this symbol 5 with a little tiny light bulb looking symbol in the middle of the string


    After you're done, click Apply - OK/Close - Exit Without Restart.

    Go into Start - Run - SERVICES.MSC - OK.

    Double-click the below entries one at a time to open their properties window.

    Java Quick Starter

    NVIDIA Display Driver Service


    Change the "startup type" to Manual, then click Apply - OK.

    After you're done, restart the computer.

    When the small System Configuration Utility window appears during restart, ignore its message.

    Put a checkmark in that window, then click OK.

    Start HiJackThis, then click "Do a system scan and save a log file".

    Save the new log, then submit it here.

    ----------------------------------------------------------------
     
  10. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Flavallee,

    Here 'tis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:27 PM, on 12/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    F:\Malwarebytes' Anti-Malware\mbamgui.exe
    F:\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: load=?
    F3 - REG:win.ini: run=?
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.egihosting.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119564857029
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5270 bytes


    BTW, the PC has been running like a champ all day, but after changing the startups to manual, is now slow again. Also, I downloaded Firefox to external using the Firefox Portable. Seems to be working, and thought you ought to know about this change.

    How is what you're having me do helping my PC? I want to learn so I can deal better & more independently.

    Thanks again for your simple, effective effective and your valuable time!

    ;o) Niobe
     
  11. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    These log entries

    F3 - REG:win.ini: load=?

    F3 - REG:win.ini: run=?


    were not in your previous log and shouldn't be there.

    I've requested a gold shield malware expert look at your log.

    ----------------------------------------------------

    These startup entries

    AdobeARM

    Reader_sl


    are auto-loading and running in the background again, so they need to be unchecked.

    ----------------------------------------------------
     
  12. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Flavallee,

    Have unchecked the 2 you listed. Will wait to hear about the possible malware issue. I won't download any more programs of any kind until I hear from you. Will check back later today or this evening.

    Thanks again. Really!

    ;o) Niobe
     
  13. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    Let's see an updated uninstall list.

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ----------------------------------------------------------------
     
  14. Niobe

    Niobe Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    49
    Flavallee,

    Hope you are there. When I restarted, here's what came up. (Have not done anything since last post but restart.)

    1st Pop-up/dialog: Windows can't find (showed 2 squares from the startup list that were in the bottom 2 rows). Make sure typed correctly, try again. To search for file, check Start and click Search. (I clicked ok)

    2nd Pop-up/: could not load, run (showed those 2 square again) specified in registry. Make sure file exists on computer or remove reference to it in registry. (I clicked ok)

    3rd: same as above, I clicked ok.

    On 1st 2, after ok, got that one-note sudden chord sound. After 3rd & ok, got the 2-note little bell sound. Don't know if this is important, but wanted to include everything.

    Then I got another popup/dialog: System Configuration Utility saying: is currently in diagnostic or selective startup mode causing message to display & utility to run every time Windows starts. Choose Normal Startup mode in General tab to start Windows & undo changes using system configure utility. (I clicked ok)

    Then got the sysconfig utility. (I clicked cancel)

    What's up now?
     
  15. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,654
    First Name:
    Frank
    Recheck those 2 weird-looking startup entries, then click Apply - OK/Close - Restart.

    When the System Configuration Utility window appears during restart, put a checkmark in that window, then click OK to close it. If you don't put a checkmark in that window, it'll appear every time you start your computer.

    It's supposed to be in "Selective Startup" mode. Don't change it to "Normal Startup" mode. If you do, it'll recheck the ENTIRE startup list.

    ---------------------------------------------------------------
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969359

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice