Please Help

Welcome to Major Geeks!

As stated at the top of the READ & RUN ME, slow PC syndrome is not always due to malware.

I'm going thru your logs now and will let you know what I see. I will also post any performance tips that I may notice.

 

HijackThis should not be here:
C:\Program Files\analyse.exe

It should be here:
C:\Program Files\HijackThis\analyse.exe

All the stuff being detected by BitDefender and Panda in various email boxes and folders like Inbox impaired that you have all over the place need to be manually cleaned up by you.

• Do you really need JUSearch from Juno? Do you need their Toolbar? Uninstall the Juno software if you don't need it. It is just adding to your slow down.
• Do you use Microsoft Money? If so why do you need it to always load at startup?
• Do you ever make use of LogitechDesktop Messenger? I personally recommen uninstalling this.
• Embarq TotalAccess - which is probably the same as Earthlink's TotalAccess has been know to bog PCs down. If you don't need this sotware just to get your internet connection to work, consider uninstall it.

If the below are items you need, you should move them someplace safer and more permanent. You should avoid cluttering up your root folder (and also your Desktop) which can slow down your PC too.

Code:

"C:\"
1stsem~1.qpw  Jul 24 2007      231657  "1st Sem Grades 0607.qpw"
2007re~1.doc  Aug 25 2007       29184  "2007Registration.doc"
ba5130~1.wbk  Aug 16 2007       29696  "Backup of Pannell August 2007.wbk"
ba6397~1.wbk  Aug  9 2007       28160  "Backup of Pannell 2007.wbk"
backup~1.wbk  Aug  9 2007      239104  "Backup of Wake Tech 134ApplicationforEmployment.wbk"
backup~2.wbk  Aug  6 2007      321536  "Backup of Gregus Section 2 Questions.wbk"
backup~3.wbk  Aug  6 2007       31232  "Backup of Pannell Cvr Ltr.wbk"
backup~4.wbk  Aug  6 2007       25088  "Backup of Pannell Cvr Ltr Chapel Hill.wbk"
dmaadl~1.doc  Jul 23 2007      124416  "DMA ADL DISABILITY FORM.doc"
fightl~1.doc  Aug 14 2007       57856  "Fight Like a Girl CHAP 1 Sample.doc"
gregus~1.doc  Aug  6 2007      318976  "Gregus Questions.doc"
pacd7d~1.doc  Aug 16 2007       31232  "Pannell August 2007.DOC"
pae581~1.doc  Aug  6 2007       33280  "Pannell RESUME and Cvr Ltr.DOC"
pannel~1.doc  Jul 19 2007       67072  "Pannell 07.DOC"
pannel~2.doc  Aug 22 2007       28672  "Pannell 2007.DOC"
pannel~3.doc  Aug  6 2007       30720  "Pannell Cvr Ltr.DOC"
pannel~4.doc  Aug  6 2007       33792  "Pannell Cvr Ltr Chapel Hill.DOC"
quixta~1.doc  Aug 13 2007       20480  "Quixtar Comments.doc"
wakete~1.doc  Aug  9 2007      238592  "Wake Tech 134ApplicationforEmployment.doc"

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below folders which may be left behind by the uninstall:
C:\Documents and Settings\Rachel P\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Uninstall the below old version of FireFox:
Mozilla Firefox (1.5)
Then install the current version of FireFox from: Mozilla Firefox

You missed some items that should have been uninstall in step 0 & 6 of the READ ME. Uninstall the below now.
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.0_01
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_05
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)

Since you do not have any Symantec software installed the below items should be uninstalled via Add/Remove programs. Tell me if you don't find these:
LiveUpdate 2.5 (Symantec Corporation)
Symantec Network Driver Update

Is your copy of SpySweeper a paid version or free trial version?


The below items to fix with HijackThis are all unnecessary items that are adding to your slow performance.

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Delete the below file if found:
C:\Documents and Settings\Rachel P\Desktop\Dwnlds\SmileyCentralSetup2.0.3.16.exe

Now reboot your PC!


Now attach the below new logs and tell me how the above steps went.

1. Avenger
2. GetRunKey
3. ShowNew
4. HJT

Make sure you tell me how things are working now!

The software you got from your ISP for protecting your PC may possibly be part of your slow down issues. We shall see after all other steps are completed.

 

Rename the file locally on your PC back to have a .html extension rather than a .txt extension. The just double click on the file and your browser will popup and show it nicely formatted.

Sorry, I forgot to delete that request when I changed your procedure to manually delete a file. You did not run Avenger so don't worry about it.

Leave it for now but I would be some of it is not required.

Free trials do not normally update anymore. If you do not have a valid license (i.e, you did not buy it and I think you would know that unless it was a trial that came with your PC or was given to you by your ISP).

Yes and no! You don't need to and should not use MSconfig like that. For startups like this, you should just permanently remove them or configure within the program not to load at startup. You can use HijackThis to remove the MSMoney startup. It will not affect normal operation. But I believe we did this already in my previous instructions.

What items did you normally disable and why? Explain what you never use, and what you use sometimes.

 

I still see Symantec Network Driver Update in your newfiles.txt log. Does it not appear in Add/Remove programs. If not, run the below and attach the log:

Getting Uninstall Programs List From The Registry

Do you really use Yahoo Toolbar? I find it to be a waste of system resources and unnecessary.

Do you still use NetZero? Since Earthlink seems to be your ISP, why is the software (including a toolbar) from NetZero installed.

You should have HijackThis fix the below line:
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)


Your logs are clean!

 

You forgot to attach this log. I need it so that we can continue.

Yes uninstall Yahoo! Toolbar

The uninstall this. You said multiple times you son sometimes uses your PC. Does he have his own user account? He should. That way things he needs can load at startup in his account but not in yours.

You can always reinstall any particular software you need of theirs so I would try to determine exactly what you really NEED and do not need. You probably don't need too much of it. But read further down.

I'm going to give you some items to download. Just download them first. We will then uninstall some of your software and then install the items I'm having you download. What we will be trying to do is remove all of your ISP's protection software and any other junk you don't need from them. And we will replace it with free and better tools. Now download the below:

• AVG Free Edition
• Comodo Personal Firewall
• SpyWare Blaster

Now uninstall the below from your ISP:

• Authentium FW SDK
• Authentium
• EarthLink Protection Control Center
• EarthLink Toolbar
• Protection Control Center
• TotalAccess Core Applications

They have other things installed but you may or may not need them. This are things you will have to determine.

• EarthLink Common Authentication
• EarthLink FastLane
• EarthLink MailBox
• EarthLink Software

Now install the and get any updates for the programs I just had you download. These will give you a new antivirus and firewall program. Also SpywareBlaster will not use any system resources (i.e. will not effect performance) but adds some addition behind the scenes protection. Download Latest Protection Updates for SpywareBlaster, Check for Updates, and then Enable All Protection, then exit. It will add protection for both IE and FireFox.

This is from Nero and allows for drag and drop type packet writing. Like using your CD/DVD drive almost like a hard disk. If you never use this, you can just have HijackThis fix that startup line:

O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"

Note anything you fix with HJT is saved to a backup and can always be restored if you change your mind later. Just don't delete the HijackThis folder or backups folder which is saved in the HJT folder.

Have HJT fix the below startups:

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\Embarq TotalAccess\TaskPanl.exe" -winstart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe

Why is it gone? You need this to provide your realtime antispyware protection but note while Spy Sweeper is a great tool, it does cause some PC's to slow down a lot.


After doing ALL of the above tell me how things are working. Also attach new logs from:

• ShowNew
• HijackThis

Also attach the GetUnKey log you did not attach (I recommend getting a new one and attaching it since we just uninstalled a bunch of things).

 

Why did you go back and delete your previous logs today? This was a bad thing to do and it is unnecessary. In addition, you are not even supposed to be able to edit those messages after 5 minutes but bugs in the vBulletin code sometimes allow it. I know have no old information to base comments and fixes on.

 

That is more than likely because they were all considered part of something else that you already uninstalled. They are all gone now.

Is your PC running any better right at this immediate time?

Yes.



Did you decide that you did not want to fix the below as suggested?
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"

You do need to also fix the below:
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML


Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now delete the below folder if found:
C:\Program Files\Common Files\Symantec Shared


You now need to install the software I recommended. Then attach new logs from ShowNew and HJT and tell me how everything is working.

 

If you try to attach the exact same logs, it will not let you. It will tell you they are already posted and show you where. You should not delete old logs as it is never the reason for having a problem. The problem occurs when you try to post duplicates. Also sometimes attaching logs does not work properly because you just need to flush your broswer cache and then do a refresh..

You still need to respond to message # 12.

 

Yes!

Yes! Nothing special, just delete it.

Since you have Spy Sweeper installed you probably have it setup to block changes to those settings. You need to either approve the changes or you will need to shutdown Spy Sweeper to make the changes. Not however that Spy Sweeper may remember the current settings and restore them as soon as you restart or reboot. You may need to approve the changes at that time. Sometime for people like yourself that may not understand all of these protection software settings, it can be easier to uninstall it, make your changes and then reinstall it. See the end of this message for more on Spy Sweeper!!!

It's a valid Windows process that you will normally see 3 to 6 running. You can allow it.

There is not too much more we can change. Some of this is due to the protection software having to configure/hook in as your PC loads. There is no way around this. The time it is taking could be due to your PC's specs. What kind of processor do you have (Intel or AMD), what speed is it, how much RAM do you have, how fast is your hard disk and how old it it? When is the last time you did a defrag?

However since we have a potential issue with Spy Sweeper blocking your changes, please try uninstalling Spy Sweeper. Then reboot. How does your boot time look now? You can reinstall Spy Sweeper anytime you like.


Other things I noticed.

You can have HJT fix this next line which you really should not need to load:

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

Do you use the below? Is this software still installed?
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

 

Well now that makes a little more sense. Your PC is on the slow side and has way too little RAM to be running Windows XP and the additional other software that your are running.

You should post additional questions on trying to upgrade your RAM in the Hardware Forum. This is not a topic for this forum. Neither is the low virtual memory issue. You need to increase the size of your virtual memory. You can also discuss this in the Software or Hardware Forum.


My recommendation (besides uprading your RAM to 1 GB) would be uninstall Spy Sweeper because I don't think you have enough CPU speed or RAM to run it.