Nephews computer... egads!

Discussion in 'Malware Help (A Specialist Will Reply)' started by housiemousie2, Jun 16, 2007.

  1. housiemousie2

    housiemousie2 Corporal

    My nephew's machine has not had any maintenance performed on it since it was bought (in 2002, I think.)

    I believe the battery is dead (and will replace it today) since every time the machine is unplugged, I get a CMOS bad checksum on the date and time, even after erasing/resetting CMOS, and inputting the date/time in the BIOS.

    First let me say, I was brain dead when I started the Malware Removal Directions, which is never a good thing. So silly me, I made it through part of the instructions before I noticed that this system only had Service Pack 1 **deep groan** and had to bail out, update Windows and Internet Explorer.

    I mention this because Counter Spy had originally found issues, but the system crashed, and the first scan log was lost when I had to reinstall Counter Spy because it refused to load after the crash.

    Unfortunately I do not recall what Counter Spy found during that first scan and can only guess that whatever it was, it took it with it when it died/was uninstalled/reinstalled.

    Counter Spy had to be run in normal boot, it would lock up in Safe Mode, doing nothing after letting it sit there for hours.

    Bit Defender and Panda Scan also had to run in normal boot... the controls for the scan buttons/fields/prompts were sized off of the screen and could not be brought onto the screen so that I could proceed.

    Three issues:
    1. Blank entry in msconfig-startup

    2. Juno will not uninstall. "Error extracting support files: The system cannot find the file specified."

    3. The machine is painfully slow and the hard drive runs more often than it should... even after uninstalling/disabling unwanted programs and using Black Viper's XP Services list, though using BV's list did improve the machine's speed a little.

    So without further ado, here she is in all her ?glory?
    FYI, there are items that loaded for the sake of HijackThis, that are not normally allowed to load... at least normally from the perspective of what will load when I will return the machine to my nephew. They are not disabled using msconfig, but Starter.exe, because some are pushy programs.
     

    Attached Files:

  2. housiemousie2

    housiemousie2 Corporal

    Second batch of scans/logs

    Second batch, now I am off to see if my local Walmart has a CR2032... or whatever it is (don't worry, I will take the little sucker with me to be sure.)

    Thanks!
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ms. Mouse... you should know that it is dangerous to install SP2 if you suspect you have malware... it can cause serious problems.
    Please use Add/Remove Programs to uninstall:
    Big Fix ----> only if you don't use it... huge resource hog.
    Viewpoint Media Player

    C:\Program files\REST2514? ----> do you know what this is?

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT


    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now attach new logs for:
    ShowNew
    Getrun
    HJT
     
  4. housiemousie2

    housiemousie2 Corporal

    Okay. CR2032 battery is replaced, CMOS bad checksum date/time is fixed, as I suspected.

    BigFix and Viewpoint Media Player are now history.

    REST2514 is a deleted-file recovery program that I loaded onto this machine... just in case. lol

    Two items fixed via HJT.

    Registry changed via fixME.reg entry.

    New logs attached.

    A new issue has just popped up... getting Virtual Memory Too Low warnings... it says it is changing the setting, but I don't think it is since it keeps popping up the warnings.

    Thank you!
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may have too many apps running... for the virtual memory... to check, use Task Manager... also right click My Computer / Properties / Advanced... Performance.

    Your logs look clean. You may uninstall any programs we had you download (including Counterspy).

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
  6. housiemousie2

    housiemousie2 Corporal

    Nothing is showing up in the Task Manager that I didn't open... which at the time it was giving me fits was Firefox (opened to view the saved page of this thread) and HijackThis. Either way, I increased the virtual memory to half way between the minimum and maximum.
    Not sure if it was clear when I mentioned the Virtual Memory... this was a rather out of the blue thing, since I had previously had three instances of Firefox (not just multiple tabs) open, while downloading Sun Java, and while poking around in Windows Explorer and having the Control Panel open... so HJT and one instance of Firefox causing Virtual Memory issues seems strange and a new side effect to me. Is this my imagination?

    I changed the setup to the best performance setting.

    After all was said and done, there was still a blank entry in msconfig startup. I have put it back in Starter.exe as a no start.

    Aside from the scanners, the only 'clean up' was the HJT entries and the reg file.

    Does this mean I should proceed with the final steps or is there more to be done for the blank entry, slow machine and strange virtual memory issue?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have a path for that blank entry in msconfig?
    You can do the final steps as there are no malware items that need attention.
    What exactly is the "slow machine" ?
    Some of these questions may best be dealt with in the software section.
     
  8. housiemousie2

    housiemousie2 Corporal

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    ^is all of the information to be found for the blank entry, except that when I go to that location, it is listed as (Default) Reg_SZ and no visible value. Right click brings up the option to modify binary data: 0000 00 00 ..


    The machine is an eMachine, XP Home, 2.2 GHz processor (same as MY machine,) 128MB RAM (which is significantly less than mine is now, but is close to what mine was recently.)

    Just let me know if I need to post to software.
     
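The blank msconfig entry described above is what a set (Default) value under a Run key looks like: msconfig and HijackThis list the key's values by name, and the default value has no name. The script below is an added example, not something posted in the thread or part of any tool mentioned in it; it audits the usual Run/RunOnce keys and reports a set (Default) value, an entry whose command is empty, an entry whose executable does not exist on disk, and an entry that launches from a Temp directory. It assumes it is run from an elevated PowerShell prompt on the machine being examined (the thread's machine is XP, which has no PowerShell, so the example targets a current Windows build).

```powershell
# Added example (not from the thread): audit the autorun Run/RunOnce keys and
# flag the kinds of entries that show up as blank or suspicious in msconfig.
# Assumes an elevated PowerShell session on the machine under examination.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    # Pull the program path out of an autorun command line.
    # Handles a quoted path ("C:\Program Files\x\y.exe" /arg) and an unquoted
    # path followed by switches (C:\tools\foo.exe -quiet).
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
        return $cl.Trim('"')
    }
    $m = [regex]::Match($cl, '^(.*?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cl -split '\s+')[0]
}

function Test-ExecutableExists {
    # True if the command's program can be found, either by full path
    # (after expanding %SystemRoot% and friends) or on the PATH.
    param([string]$CommandLine)
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $CommandLine))
    if ([string]::IsNullOrWhiteSpace($exe)) { return $false }
    if ($exe -match '[\\/]') { return (Test-Path -LiteralPath $exe -PathType Leaf) }
    return [bool](Get-Command $exe -ErrorAction SilentlyContinue)
}

function Get-AutorunFindings {
    param([string[]]$Keys = $RunKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key

        # The key's (Default) value is normally unset. When something has set it,
        # tools that list values by name show a nameless (blank) startup entry.
        $default = $item.GetValue('', $null)
        if ($null -ne $default) {
            [pscustomobject]@{ Key = $key; Name = '(Default)'; Command = [string]$default
                               Finding = 'Default value is set (shows as a blank entry)' }
        }

        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }   # default value handled above
            $cmd = [string]$item.GetValue($name)
            $finding = $null
            if ([string]::IsNullOrWhiteSpace($cmd)) {
                $finding = 'Empty command'
            } elseif (-not (Test-ExecutableExists $cmd)) {
                $finding = 'Executable not found on disk'
            } elseif ($cmd -match '(?i)\\Temp\\') {
                $finding = 'Runs from a Temp directory'
            }
            if ($finding) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Finding = $finding }
            }
        }
    }
}

Get-AutorunFindings | Format-Table -AutoSize -Wrap
```

The audit only reports; it removes nothing. A set (Default) value can be cleared with `Remove-ItemProperty -LiteralPath $key -Name '(default)'` once you have confirmed it is not wanted, and an entry whose executable is missing is usually leftover from an uninstall rather than active malware, which matches the thread's outcome of a blank entry with an empty binary value and otherwise clean logs.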
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

