my computer is running really slow!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by nolf10, Mar 16, 2013.

  1. nolf10

    nolf10 Private E-2

    I think the problems started several months ago. First, I can not register some .dll files, then I noticed that I can not use Windows Update (every time I open Windows update, I get the "Files required to run windows update are either missing or needs to be reinstalled"). Now everything runs very slow. I'm not sure whether it's a malware problem or something else.
    I have attached all the logs that are requested.
    Here are my specs:
    Intel Pentium 4 CPU 2.66 GHz
    Windows XP Service Pack 3
    3.00 GB of RAM

    Any help would be much appreciated. Thank you very much.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, the problems may not be due to malware. However, let's clean up a bunch of junk you have and see what happens. Run Hitman Pro again and this time allow it to fix the Malware remnants and the Potential Unwanted Programs. Only fix these and nothing else and then reboot.

    Uninstall the below software:
    Coupon Printer for Windows
    Java(TM) 6 Update 18
    Java(TM) 6 Update 30
    Java(TM) 7 Update 5
    Yahoo! Search Protection

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\FYTDL Toolbar\tbcore3.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: FYTDL Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\FYTDL Toolbar\tbcore3.dll
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

    After clicking Fix, exit HJT.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Any change to your performance?
     
  3. nolf10

    nolf10 Private E-2

    Hi, thank you for responding to my message. I have run Hitman Pro again and done all your suggestions. I also have uninstalled Coupon Printer and Yahoo! search protection, unfortunately I am unable to uninstall the Java updates because I can not access the Windows Installer Service. I also have run the MGTools, and deleted all the lines that you have suggested. I also have downloaded and run the Junkyard Removal Tool. Overall, there is no improvement to my computer's performance so far.
    Here is the log:
     

    Attached Files:

    • JRT.txt (13.7 KB)
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, as stated, your problems did not seem to be due to malware, but I would have expected that there should have been a little bit of change. I see that you recently (Dec 2012) had done an install of Windows into a new folder ("C:\WINDOWS1\"). This may be the issue. A clean reinstall from scratch would be much better.


    Be patient while doing the below. The fixes can sometimes take quite a while to run. Especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.



    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. nolf10

    nolf10 Private E-2

    Hi, I'm sorry for the lack of updates. The good news is after running the Windows Repair, I am able to regain access to the items in the Administrative Tools on the Control Panel. When I try to access the Windows update, I still get the error code 0x8007043C. The bad news is everything is still running very slow in normal mode (can not open programs), which means that I am still not able to uninstall the Java updates. Here are the latest logs from MGTools. Does this mean that the only alternative for me is to reinstall Windows XP SP3 from scratch?
    Thank you very much for all your suggestions so far.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is from safe boot mode. I really need a log from normal boot mode. Are you unable to run in normal boot mode?

    The error code you mentioned also indicates that you are trying to do Windows update in safe boot mode and it requires a service/driver that is only run in normal boot mode.
     
  7. nolf10

    nolf10 Private E-2

    Hi, thank you for your reply. I am finally able to uninstall the Java updates using the Windows Install Clean Up utility, however when I'm trying to install the latest Java update (version 7 update 17), I get an error that said a previous installation has to be finished first before I can install this update. I also still can not open most programs in normal mode, such as Opera and Internet Explorer. However when I try to open Internet Explorer in safe mode, it opens but in the task manager, the process name is IEXPLORE.EXE (if I'm not mistaken, the process name is usually iexplore.exe), and it is listed twice, can you tell me whether this is normal or not?
    I will try to run the Windows Repair again from normal mode and post the logs.
    Thank you very much
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Normal.

    Actually I only needed you to run MGtools from normal mode. Safe boot mode logs are not that helpful unless there is no other choice.
     
  9. nolf10

    nolf10 Private E-2

    Hi, I am finally able to run Windows Repair in normal mode, and the program is able to fix most of my problems, except I am still unable to open Internet Explorer, which is why I can not run Windows Update (but I have already set up the Automatic Updates). Do you recommend that I try to reinstall Internet Explorer? I will also try to install the latest Java update again.
    Here is the latest log from MGTools.
    Once again, thank you for all your help with my problem.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first thing you need to do is to run MSconfig and put your PC back into Normal Startup mode. Then immediately reboot your PC.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
     
  11. nolf10

    nolf10 Private E-2

    Hi, based on all your suggestions, I am finally able to run all my programs in normal mode, and everything has run smoothly so far just as before the problem. I also have installed the latest Java update. Hopefully this problem won't happen again. Per your request, I also have attached the latest logs from MGtools that I run today (hopefully I get it right this time!!!).
    Hope you enjoyed the rest of your weekend and thanks again!!! :)
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Per this last log, you did not run MSconfig and choose normal startup mode as requested.
     
    Last edited: Apr 5, 2013
  13. nolf10

    nolf10 Private E-2

    Hi, here is my log from MGtools in normal mode. Everything is running normally now. I'm very sorry for wasting your time before by giving you the wrong logs. Thanks again for all your help!!! :)
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome but you still did not select normal startup mode. You are in selective startup mode. You have many things being disabled by MSconfig. The below comes from your logs and shows all the items you have disabled:
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    "MsMpSvc"=dword:00000002
    "sdCoreService"=dword:00000003
    "sdAuxService"=dword:00000003
    "mcupdmgr.exe"=dword:00000003
    "McComponentHostService"=dword:00000003
    "vToolbarUpdater"=dword:00000002
    "!SASCORE"=dword:00000002
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "backup"="C:\\WINDOWS1\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Adobe Reader Speed Launch"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
    "backup"="C:\\WINDOWS1\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
    "location"="Common Startup"
    "item"="ATI CATALYST System Tray"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "backup"="C:\\WINDOWS1\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    "backup"="C:\\WINDOWS1\\pss\\Kodak EasyShare software.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
    "item"="Kodak EasyShare software"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Kodak software updater.lnk]
    "backup"="C:\\WINDOWS1\\pss\\KODAK Software Updater.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
    "item"="KODAK Software Updater"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "backup"="C:\\WINDOWS1\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Microsoft Office"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    "backup"="C:\\WINDOWS1\\pss\\QuickBooks Update Agent.lnkCommon Startup"
    "location"="Common Startup"
    "item"="QuickBooks Update Agent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
    "backup"="C:\\WINDOWS1\\pss\\Symantec Fax Starter Edition Port.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Symantec Fax Starter Edition Port"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^TotalMedia Server.lnk]
    "backup"="C:\\WINDOWS1\\pss\\TotalMedia Server.lnkCommon Startup"
    "location"="Common Startup"
    "item"="TotalMedia Server"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    "backup"="C:\\WINDOWS1\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "item"="WinZip Quick Pick"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Arie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    "backup"="C:\\WINDOWS1\\pss\\LimeWire On Startup.lnkStartup"
    "location"="Startup"
    "item"="LimeWire On Startup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Arie^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    "location"="Startup"
    "item"="PowerReg Scheduler"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Arie^Start Menu^Programs^Startup^The Simpsons Unleashed.lnk]
    "item"="The Simpsons Unleashed"
    "location"="Startup"
    "backup"="C:\\WINDOWS1\\pss\\The Simpsons Unleashed.lnkStartup"
    "backupExtension"="Startup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "hkey"="HKLM"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdobeARM"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="APSDaemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCMSMMSG]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="BCMSMMSG"
    "hkey"="HKLM"
    "command"="BCMSMMSG.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell AIO Printer A920]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dlbkbmgr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupport]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DSAgnt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DWQueuedReporting]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dwtrig20"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExpressLinkReminder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="REMINDER"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\ExpressLink\\REMINDER.EXE\" /install"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleUpdate"
    "hkey"="HKCU"
    "command"="\"C:\\Documents and Settings\\Arie\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iomega Drive Icons]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ImgIcon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LifeExp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mbamgui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YahooMessenger"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YahooMessenger.exe\" -quiet"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="QTTask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CLIStart"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
    "system.ini"=dword:00000000
    "win.ini"=dword:00000000
    "bootini"=dword:00000000
    "services"=dword:00000000
    "startup"=dword:00000002
    
     
  15. nolf10

    nolf10 Private E-2

    Here's my latest log from MGtools
     


  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs still show all of the below in MSconfig registry keys. Are you using something else to control startups? Like possibly CCleaner or Glary Tools?
     
  17. nolf10

    nolf10 Private E-2

    Hi, I'm very sorry for the lack of updates on my part. To answer your question, right now I do use CCleaner to control the startup programs, but I have enabled them all, and I have made sure the computer is in normal startup mode. Here are the latest logs from MGtools.
    Thanks again for all your help so far.
     


  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not use CCleaner for this. It is a terrible startup manager (actually it is not one at all) and it improperly uses Microsoft's registry keys. Microsoft registry keys are for Microsoft and not someone else to use. Using CCleaner or Glary Tools, which also improperly uses the MSconfig registry keys, should be completely avoided. See the below. I recommend AutoRuns.

    Dealing with Startup Process


    Nope! If you have disabled CCleaner and you have put your PC into normal startup mode, then you have a load of stuff stuck in the registry keys now. This is one of many reasons why those tools should not be used for this purpose. Most if not all the stuff previously listed is still showing.
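
The MSconfig dump in post 14 can be read mechanically. The following is an added example, not code from the thread or from MGtools: it parses a `.reg`-style export of the MSConfig key and lists the services and startup items recorded there, using an excerpt of the posted dump as sample input. The function names and `SECURITY_HINTS` are illustrative assumptions.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
# Assumption: substrings marking security tools among the names in the thread's dump.
SECURITY_HINTS = ("msmpsvc", "sascore", "mbam")

# Sample input: an excerpt of the dump posted in the thread (a few entries only).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"MsMpSvc"=dword:00000002
"vToolbarUpdater"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Arie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"backup"="C:\\WINDOWS1\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"item"="LimeWire On Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mbamgui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"services"=dword:00000000
"startup"=dword:00000002
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Parse .reg-style text into {key_path: {value_name: str | int}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, data = unescape(m.group(1)), m.group(2).strip()
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = unescape(data[1:-1])
    return keys

def msconfig_report(keys):
    """Summarise what is recorded under the MSConfig key."""
    report = {"services": {}, "startup_items": [], "state": {}}
    for path, values in keys.items():
        if not path.upper().startswith(BASE.upper() + "\\"):
            continue
        category, _, name = path[len(BASE) + 1:].partition("\\")
        category = category.lower()
        if category in ("services", "state") and not name:
            report[category] = dict(values)
        elif category in ("startupreg", "startupfolder") and name:
            # startupfolder subkeys spell the shortcut path with '^' for '\'
            origin = (name.replace("^", "\\") if category == "startupfolder"
                      else values.get("hkey", "?") + "\\" + values.get("key", "?"))
            report["startup_items"].append({"name": values.get("item", name),
                "origin": origin, "command": values.get("command")})
    names = list(report["services"]) + [i["name"] for i in report["startup_items"]]
    report["security_related"] = [n for n in names
                                  if any(h in n.lower() for h in SECURITY_HINTS)]
    return report

if __name__ == "__main__":
    print(msconfig_report(parse_reg(SAMPLE)))
```

Entries reported here are only what is recorded under the MSConfig key; whether an item is really disabled has to be checked against the live Run keys, Startup folders and service start types.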
     
