pc running slow

Help with Startup lists & Hijack this

silver surfer - 22 March 2008 - 2:46pm

Logfile of Trend Micro HijackThis v2.0.0 (BETA) 
Scan saved at 143650, on 22/03/2008 
Platform Windows XP SP2 (WinNT 5.01.2600) 
Boot mode Normal 
this a second copy of high jack this can someone please have a look 
Running processes 
C\WINDOWS\System32\smss.exe 
C\WINDOWS\system32\csrss.exe 
C\WINDOWS\SYSTEM32\winlogon.exe 
C\WINDOWS\system32\services.exe 
C\WINDOWS\system32\lsass.exe 
C\WINDOWS\system32\Ati2evxx.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\System32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\spoolsv.exe 
C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
C\Program Files\iolo\common\lib\ioloServiceManager.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\Explorer.EXE 
C\WINDOWS\tsnp2std.exe 
C\WINDOWS\vsnp2std.exe 
C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe 
C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
C\PROGRA~1\AVG\AVG8\avgtray.exe 
C\Program Files\iolo\Personal Firewall\ioloFW.exe 
C\WINDOWS\system32\ctfmon.exe 
C\Program Files\Skype\Phone\Skype.exe 
C\PROGRA~1\AVG\AVG8\avgam.exe 
C\PROGRA~1\AVG\AVG8\avgrsx.exe 
C\PROGRA~1\AVG\AVG8\avgemc.exe 
C\Program Files\Skype\Plugin Manager\skypePM.exe 
C\WINDOWS\System32\alg.exe 
C\Program Files\Windows Live\Messenger\usnsvc.exe 
C\Program Files\Mozilla Firefox\firefox.exe 
C\PROGRA~1\AVG\AVG8\avgnsx.exe 
C\Documents and Settings\albert\Desktop\HiJackThis_v2.exe 
C\WINDOWS\system32\wbem\wmiprvse.exe 
C\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http//www.yahoo.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http//uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http//uk.docs.yahoo.com/info/bt_side.html 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http//windowsupdate.microsoft.com/ 
R3 - URLSearchHook Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C\Program Files\AVG\AVG8\avgssie.dll 
O2 - BHO (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O2 - BHO Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O3 - Toolbar Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - HKLM\..\Run [EPSON Stylus DX4000 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" 
O4 - HKLM\..\Run [tsnp2std] C\WINDOWS\tsnp2std.exe 
O4 - HKLM\..\Run [snp2std] C\WINDOWS\vsnp2std.exe 
O4 - HKLM\..\Run [SMSystemAnalyzer] "C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" 
O4 - HKLM\..\Run [EPSON Stylus Photo R200 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" 
O4 - HKLM\..\Run [Microsoft Works Update Detection] C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
O4 - HKLM\..\Run [LanzarP2006] "C\DOCUME~1\albert\LOCALS~1\Temp\{9206DE0F-FBD2-4796-995C-7DBBDB26FD38}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP"/l0x0009" 
O4 - HKLM\..\Run [AVG8_TRAY] C\PROGRA~1\AVG\AVG8\avgtray.exe 
O4 - HKLM\..\Run [iolo Personal Firewall] "C\Program Files\iolo\Personal Firewall\ioloFW.exe" 
O4 - HKCU\..\Run [CTFMON.EXE] C\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run [Skype] "C\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
O4 - HKCU\..\Run [msnmsgr] "C\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
O4 - HKUS\S-1-5-19\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
O4 - HKUS\S-1-5-20\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
O4 - HKUS\S-1-5-18\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item &Search - ?p=ZCxdm451YYES 
O8 - Extra context menu item &Windows Live Search - res//C\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item Add to Windows &Live Favorites - http//favorites.live.com/quickadd.aspx 
O8 - Extra context menu item E&xport to Microsoft Excel - res//C\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item Open in new background tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?923dc63cc0414e5192b192883313b3a3 
O8 - Extra context menu item Open in new foreground tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?923dc63cc0414e5192b192883313b3a3 
O9 - Extra button Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra 'Tools' menuitem Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O16 - DPF {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http//cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab 
O16 - DPF {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http//www.crucial.com/controls/cpcScanner.cab 
O18 - Protocol linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C\Program Files\AVG\AVG8\avgpp.dll 
O18 - Protocol skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 
O20 - AppInit_DLLs avgrsstx.dll 
O22 - SharedTaskScheduler Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C\WINDOWS\system32\browseui.dll 
O22 - SharedTaskScheduler Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C\WINDOWS\system32\browseui.dll 
O23 - Service Ati HotKey Poller - Unknown owner - C\WINDOWS\system32\Ati2evxx.exe 
O23 - Service AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgemc.exe 
O23 - Service AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
O23 - Service iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe 
O23 - Service iolo System Service (ioloSystemService) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe

-- 
End of file - 8272 bytes

pc running slow

Vino Rosso - 26 March 2008 - 1:49pm

Hi

Can you give some more detail of when the PC is running slowly...

- when starting? 
- when opening a particular program? 
- when opening a specific web page, or any web page? 
- when doing a particular task? 
- when shutting down?

1 - Deckard's System Scanner 
Download Deckard's System Scanner (DSS) from <a href="http://www.techsupportforum.com/sectools/Deckard/dss.exe" class="bb-url">>here<</a> to your Desktop. 
Note: You must be logged onto an account with administrator privileges.<ol class="bb-list" style="list-style-type:decimal;"><li> Close all applications and windows. </li>
<li> Double-click on dss.exe to run it, and follow the prompts. </li>
<li> When the scan is complete, two text files will open - main.txt <== this one will be maximized and extra.txt <== this one will be minimized </li>
<li> Select All (Ctrl+A) then Copy (Ctrl+C) then Paste (Ctrl+V) the contents of main.txt in your reply</li>
<li> Repeat this and post the contents of extra.txt</li></ol>For information
What DSS will do:<ul class="bb-list" style="list-style-type:circle;"><li> Create a new System Restore point in Windows XP and Vista. </li>
<li> Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. </li>
<li> Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.</li></ul></li>Thanks
Vino[/]</li>[/]

slow pc

silver surfer - 29 March 2008 - 4:53pm

Hi vino rosso 
my original version of avg run out so i put on bull guard but i had problems with that i then put on another antivirus panda but that was no good ever since my computer has run slow. 
here is the 2 texts 
Deckard's System Scanner v20071014.68 
Run by albert on 2008-03-29 163529 
Computer is in Normal Mode. 
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) -- 
56 2008-03-29 163539 UTC - RP232 - Deckard's System Scanner Restore Point 
55 2008-03-23 182748 UTC - RP231 - Avg8 Update 
54 2008-03-22 155430 UTC - RP230 - Software Distribution Service 3.0 
53 2008-03-22 134933 UTC - RP229 - Avg8 Update 
52 2008-03-19 142816 UTC - RP228 - Avg8 Update

-- First Restore Point -- 
1 2007-10-15 141413 UTC - RP177 - Software Distribution Service 3.0

Backed up registry hives. 
Performed disk cleanup.

Total Physical Memory 511 MiB (512 MiB recommended).

-- HijackThis (run as albert.exe) ----------------------------------------------

Unable to find log (file not found); running clone. 
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 2008-03-29 164008 
Platform Windows XP Service Pack 2 (5.01.2600) 
MSIE Internet Explorer (6.00.2900.2180) 
Boot mode Normal

Running processes 
C\WINDOWS\system32\smss.exe 
C\WINDOWS\system32\csrss.exe 
C\WINDOWS\system32\winlogon.exe 
C\WINDOWS\system32\services.exe 
C\WINDOWS\system32\lsass.exe 
C\WINDOWS\system32\ati2evxx.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\spoolsv.exe 
C\Program Files\AVG\AVG8\avgwdsvc.exe 
C\Program Files\iolo\Common\Lib\ioloServiceManager.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\explorer.exe 
C\WINDOWS\tsnp2std.exe 
C\WINDOWS\vsnp2std.exe 
C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe 
C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
C\Program Files\AVG\AVG8\avgtray.exe 
C\Program Files\iolo\Personal Firewall\ioloFW.exe 
C\WINDOWS\system32\ctfmon.exe 
C\Program Files\Skype\Phone\Skype.exe 
C\Program Files\Windows Live\Messenger\msnmsgr.exe 
C\Program Files\AVG\AVG8\avgemc.exe 
C\WINDOWS\system32\alg.exe 
C\Program Files\AVG\AVG8\avgam.exe 
C\Program Files\AVG\AVG8\avgrsx.exe 
C\Program Files\AVG\AVG8\avgnsx.exe 
C\Program Files\Skype\Plugin Manager\skypePM.exe 
C\Program Files\Windows Live\Messenger\usnsvc.exe 
C\Documents and Settings\albert\Desktop\dss.exe 
C\Program Files\Trend Micro\HijackThis\albert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http//www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http//www.yahoo.com/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http//home.microsoft.com/access/autosearch.asp?p=%s 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http//windowsupdate.microsoft.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http//uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http//uk.docs.yahoo.com/info/bt_side.html 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http//www.google.com/ie 
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http//www.google.com/ie 
R3 - URLSearchHook Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C\Program Files\AVG\AVG8\avgssie.dll 
O2 - BHO (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\Program Files\AVG\AVG8\avgtoolbar.dll 
O2 - BHO Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\Program Files\AVG\AVG8\avgtoolbar.dll 
O3 - Toolbar Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - HKLM\..\Run [EPSON Stylus DX4000 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" 
O4 - HKLM\..\Run [tsnp2std] C\WINDOWS\tsnp2std.exe 
O4 - HKLM\..\Run [snp2std] C\WINDOWS\vsnp2std.exe 
O4 - HKLM\..\Run [SMSystemAnalyzer] "C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" 
O4 - HKLM\..\Run [EPSON Stylus Photo R200 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" 
O4 - HKLM\..\Run [Microsoft Works Update Detection] C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
O4 - HKLM\..\Run [LanzarP2006] "C\DOCUME~1\albert\LOCALS~1\Temp\{9206DE0F-FBD2-4796-995C-7DBBDB26FD38}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP"/l0x0009" 
O4 - HKLM\..\Run [AVG8_TRAY] C\PROGRA~1\AVG\AVG8\avgtray.exe 
O4 - HKLM\..\Run [iolo Personal Firewall] "C\Program Files\iolo\Personal Firewall\ioloFW.exe" 
O4 - HKCU\..\Run [CTFMON.EXE] C\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run [Skype] "C\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
O4 - HKCU\..\Run [msnmsgr] "C\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
O4 - HKUS\S-1-5-19\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
O4 - HKUS\S-1-5-20\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
O4 - HKUS\S-1-5-18\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\S-1-5-18\..\Run [DWQueuedReporting] "C\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O4 - HKUS\.DEFAULT\..\Run [DWQueuedReporting] "C\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') 
O8 - Extra context menu item &Search - ?p=ZCxdm451YYES 
O8 - Extra context menu item &Windows Live Search - res//C\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item Add to Windows &Live Favorites - http//favorites.live.com/quickadd.aspx 
O8 - Extra context menu item E&xport to Microsoft Excel - res//C\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item Open in new background tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?923dc63cc0414e5192b192883313b3a3 
O8 - Extra context menu item Open in new foreground tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?923dc63cc0414e5192b192883313b3a3 
O9 - Extra button Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra 'Tools' menuitem Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) 
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP C\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll 
O10 - Unknown file in Winsock LSP C\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll 
O10 - Unknown file in Winsock LSP C\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll 
O16 - DPF {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http//cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab 
O16 - DPF {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http//www.crucial.com/controls/cpcScanner.cab 
O16 - DPF {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http//fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
O18 - Protocol linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C\Program Files\AVG\AVG8\avgpp.dll 
O18 - Protocol livecall - {828030A1-22C1-4009-854F-8E305202313F} - C\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll 
O18 - Protocol mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C\Program Files\Microsoft ActiveSync\aatp.dll 
O18 - Protocol ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll 
O18 - Protocol msnim - {828030A1-22C1-4009-854F-8E305202313F} - C\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll 
O18 - Protocol mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL 
O18 - Protocol skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C\Program Files\Common Files\Skype\Skype4COM.dll 
O18 - Filter text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL 
O20 - AppInit_DLLs avgrsstx.dll 
O23 - Service Ati HotKey Poller - Unknown owner - C\WINDOWS\system32\ati2evxx.exe 
O23 - Service AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C\Program Files\AVG\AVG8\avgemc.exe 
O23 - Service AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C\Program Files\AVG\AVG8\avgwdsvc.exe 
O23 - Service BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe 
O23 - Service BGRaSvc - BullGuard - C\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe 
O23 - Service iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C\Program Files\iolo\Common\Lib\ioloServiceManager.exe 
O23 - Service iolo System Service (ioloSystemService) - Unknown owner - C\Program Files\iolo\Common\Lib\ioloServiceManager.exe

-- 
End of file - 9750 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C\WINDOWS\system32\shell32.dll,71 
.inf - inffile - DefaultIcon - C\WINDOWS\system32\shell32.dll,69 
.ini - inifile - DefaultIcon - C\WINDOWS\system32\shell32.dll,69 
.js - JSFile - shell\open\command - NOTEPAD.EXE %1 
.reg - regfile - shell\open\command - NOTEPAD.EXE %1 
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1 
.txt - txtfile - DefaultIcon - C\WINDOWS\system32\shell32.dll,70 
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1

-- Drivers 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 XPacket (iolo Personal Firewall Driver) - c\windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall> 
R3 pfc (Padus ASPI Shell) - c\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

-- Services 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager Disabled ----------------------------------------------------

Class GUID {4D36E972-E325-11CE-BFC1-08002BE10318} 
Description 1394 Net Adapter 
Device ID V1394\NIC1394\2B18CBC09F00 
Manufacturer Microsoft 
Name 1394 Net Adapter 
PNP Device ID V1394\NIC1394\2B18CBC09F00 
Service NIC1394

-- Scheduled Tasks -------------------------------------------------------------

2008-03-29 155002 256 --a------ C\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 163656 0 d-------- C\Program Files\Trend Micro 
2008-03-09 190009 0 d-------- C\Program Files\VS Revo Group 
2008-03-08 150404 0 dr-h----- C\Documents and Settings\albert\Recent 
2008-03-08 145209 0 d-------- C\Program Files\CCleaner 
2008-03-08 142734 0 d-------- C\WINDOWS\system32\drivers\Avg 
2008-03-08 142733 0 d-------- C\Documents and Settings\albert\Application Data\AVGTOOLBAR 
2008-03-08 142707 0 d-------- C\Program Files\AVG 
2008-03-08 142705 0 d-------- C\Documents and Settings\All Users\Application Data\avg8 
2008-03-08 135936 0 d-------- C\Documents and Settings\All Users\Application Data\BullGuard 
2008-03-08 135935 0 d-------- C\Documents and Settings\albert\Application Data\BullGuard 
2008-03-08 135800 0 d-------- C\Program Files\BullGuard Ltd 
2008-03-08 125001 0 d-------- C\WINDOWS\system32\bits

-- Find3M Report ---------------------------------------------------------------

2008-03-13 100846 38912 --a------ C\WINDOWS\system32\smrgdf.exe 
2008-03-13 092546 32768 --a------ C\WINDOWS\system32\iolobtdfg.exe 
2008-03-12 142056 0 d-------- C\Program Files\Common Files\Panda Software 
2008-03-09 183328 0 d--h----- C\Program Files\InstallShield Installation Information 
2008-03-08 145650 0 d-------- C\Program Files\Yahoo! 
2008-02-16 121217 0 d-------- C\Documents and Settings\albert\Application Data\Skype 
2008-02-06 150120 0 d-------- C\Program Files\Windows Media Connect 2 
2008-02-03 193746 0 d-------- C\Program Files\MSN Messenger 
2008-02-03 193624 0 d-------- C\Program Files\Windows Live 
2008-02-03 193501 0 d--hs--c- C\Program Files\Common Files\WindowsLiveInstaller 
2008-02-03 193031 0 d-------- C\Program Files\Common Files

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 
19/03/2008 1426 2041600 --a------ C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"EPSON Stylus DX4000 Series"="C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [21/02/2006 0400] 
"tsnp2std"="C\WINDOWS\tsnp2std.exe" [03/11/2005 0912] 
"snp2std"="C\WINDOWS\vsnp2std.exe" [16/08/2005 2054] 
"SMSystemAnalyzer"="C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [13/03/2008 1019] 
"EPSON Stylus Photo R200 Series"="C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.exe" [11/09/2003 0300] 
"Microsoft Works Update Detection"="C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [25/07/2002 0520] 
"LanzarP2006"="C\DOCUME~1\albert\LOCALS~1\Temp\{9206DE0F-FBD2-4796-995C-7DBBDB26FD38}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" [] 
"AVG8_TRAY"="C\PROGRA~1\AVG\AVG8\avgtray.exe" [15/03/2008 1234] 
"iolo Personal Firewall"="C\Program Files\iolo\Personal Firewall\ioloFW.exe" [05/03/2008 1106]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C\WINDOWS\system32\ctfmon.exe" [04/08/2004 1200] 
"Skype"="C\Program Files\Skype\Phone\Skype.exe" [25/08/2007 2054] 
"msnmsgr"="C\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 1134]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run] 
"DWQueuedReporting"="C\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard] 
"C\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
"PavPrSrv"=2 (0x2) 
"BgMainSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
BullGuard BgMainSvc BsFileScan BsMailProxy BsFire

-- End of Deckard's System Scanner finished at 2008-03-29 164124 ------------

slow pc

silver surfer - 29 March 2008 - 4:56pm

Hi vino rosso, 
here is the extra text hope they are what you want 
regards 
silver surfer

Deckard's System Scanner v20071014.68 
Extra logfile - please post this as an attachment with your post. 
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0 
Architecture X86; Language English

CPU 0 Intel(R) Pentium(R) M processor 1.60GHz 
Percentage of Memory in Use 52% 
Physical Memory (total/avail) 510.42 MiB / 244.91 MiB 
Pagefile Memory (total/avail) 1248.91 MiB / 890.88 MiB 
Virtual Memory (total/avail) 2047.88 MiB / 1918.58 MiB

C is Fixed (NTFS) - 26.39 GiB total, 16.81 GiB free. 
D is Fixed (FAT32) - 26.55 GiB total, 26.53 GiB free. 
E is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions 
\PARTITION0 - Unknown - 2.93 GiB 
\PARTITION1 (bootable) - Installable File System - 26.39 GiB - C 
\PARTITION2 - Extended w/Extended Int 13 - 26.57 GiB - D

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install. 
Windows Internal Firewall is disabled.

FirstRunDisabled is set. 
AntivirusOverride is set.

FW BullGuard Firewall vX.0 (BullGuard Ltd.) Disabled 
FW iolo Personal Firewall® v1.5 (iolo technologies, LLC) 
AV BullGuard Antivirus vX.0 (BullGuard Ltd.) 
AV AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe*enabled@xpsp2res.dll,-22019" 
"C\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe*EnabledWindows Live Messenger" 
"C\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C\\Program Files\\Windows Live\\Messenger\\livecall.exe*EnabledWindows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe*enabled@xpsp2res.dll,-22019" 
"C\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C\\Program Files\\Yahoo!\\Messenger\\ypager.exe*EnabledYahoo! Messenger" 
"C\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C\\Program Files\\Yahoo!\\Messenger\\YServer.exe*EnabledYahoo! FT Server" 
"C\\Program Files\\Messenger\\msmsgs.exe"="C\\Program Files\\Messenger\\msmsgs.exe*EnabledWindows Messenger" 
"C\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe*DisabledCrazyTalk Application" 
"C\\Program Files\\iolo\\Personal Firewall\\ioloFW.exe"="C\\Program Files\\iolo\\Personal Firewall\\ioloFW.exe*Enablediolo Firewall®" 
"C\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe*EnabledWindows Live Messenger" 
"C\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C\\Program Files\\Windows Live\\Messenger\\livecall.exe*EnabledWindows Live Messenger (Phone)" 
"C\\Program Files\\Skype\\Phone\\Skype.exe"="C\\Program Files\\Skype\\Phone\\Skype.exe*EnabledSkype. Take a deep breath " 
"C\\Program Files\\AVG\\AVG8\\avgupd.exe"="C\\Program Files\\AVG\\AVG8\\avgupd.exe*Enabledavgupd.exe" 
"C\\Program Files\\AVG\\AVG8\\avgemc.exe"="C\\Program Files\\AVG\\AVG8\\avgemc.exe*Enabledavgemc.exe" 
"C\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C\\Program Files\\AVG\\AVG8\\avgnsx.exe*Enabledavgnsx.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C\Documents and Settings\All Users 
APPDATA=C\Documents and Settings\albert\Application Data 
CommonProgramFiles=C\Program Files\Common Files 
COMPUTERNAME=PRIVATE-6FF9EEE 
ComSpec=C\WINDOWS\system32\cmd.exe 
FP_NO_HOST_CHECK=NO 
HOMEDRIVE=C 
HOMEPATH=\Documents and Settings\albert 
LOGONSERVER=\\PRIVATE-6FF9EEE 
NUMBER_OF_PROCESSORS=1 
OS=Windows_NT 
Path=C\Program Files\Mozilla Firefox;C\Program Files\Mozilla Firefox;C\WINDOWS\SYSTEM32;C\WINDOWS;C\WINDOWS\SYSTEM32\WBEM 
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH 
PROCESSOR_ARCHITECTURE=x86 
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel 
PROCESSOR_LEVEL=6 
PROCESSOR_REVISION=0d06 
ProgramFiles=C\Program Files 
PROMPT=$P$G 
SESSIONNAME=Console 
SystemDrive=C 
SystemRoot=C\WINDOWS 
TEMP=C\DOCUME~1\albert\LOCALS~1\Temp 
TMP=C\DOCUME~1\albert\LOCALS~1\Temp 
USERDOMAIN=PRIVATE-6FF9EEE 
USERNAME=albert 
USERPROFILE=C\Documents and Settings\albert 
windir=C\WINDOWS

-- User Profiles ---------------------------------------------------------------

albert (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C\WINDOWS\INF\PCHealth.inf 
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903} 
ATI - Software Uninstall Utility --> C\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe 
ATI Display Driver --> rundll32 C\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags0x2010001 -inf_classDISPLAY -clean 
AVG 8.0 --> C\Program Files\AVG\AVG8\setup.exe /UNINSTALL 
Before You Know It 3.6 --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{5F86CCDE-767E-4EE3-9507-51F12E905AF4}\Setup.exe" -l0x9 
CCleaner (remove only) --> "C\Program Files\CCleaner\uninst.exe" 
Conexant AC-Link Audio --> CIAunwdm.exe 
Digital Camera Driver --> C\PROGRA~1\DIGITA~1\UNWISE.EXE C\PROGRA~1\DIGITA~1\INSTALL.LOG 
EPSON Attach To Email --> C\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG 
EPSON CardMonitor --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst 
EPSON Copy Utility 3 --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall 
EPSON Easy Photo Print --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST 
EPSON PhotoStarter3.1 --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst 
EPSON Print CD --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM 
EPSON Printer Software --> C\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r 
EPSON Scan --> C\Program Files\epson\escndv\setup\setup.exe /r 
EPSON Scan Assistant --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u 
ESDX4000_4050_CX3900 --> C\Program Files\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE 
HijackThis 2.0.0 --> "E\DiscContents\Security Toolkit\HijackThis\Bin\HiJackThis\HijackThis.exe" /uninstall 
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" 
iolo Personal Firewall --> "C\Program Files\iolo\Personal Firewall\unins000.exe" 
iolo technologies' System Mechanic 7 --> "C\Program Files\iolo\System Mechanic 7\unins000.exe" 
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} 
Microsoft ActiveSync 3.7 --> "C\WINDOWS\ISUNINST.EXE" -f"C\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C\Program Files\Microsoft ActiveSync\ceuninst.dll" 
Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689} 
Microsoft Compression Client Pack 1.0 for Windows XP --> "C\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" 
Microsoft Digital Image Pro 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE134} 
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9} 
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" 
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} 
Mozilla Firefox (2.0.0.13) --> C\Program Files\Mozilla Firefox\uninstall\helper.exe 
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7} 
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8} 
PowerDVD --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall 
Revo Uninstaller 1.50 --> C\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe 
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} 
SoftV92 Data Fax Modem with SmartCP --> C\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_00641025\HXFSETUP.EXE -U -Iqta00645.inf 
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962} 
Texas Instruments PCIxx21/x515 drivers. --> C\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{23C7348E-131C-4BFF-9763-2C804D6B87AE} 
USB2.0 PC Camera (SN9C201&202) --> RunDll32 C\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9 
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} 
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} 
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} 
Windows Live OneCare safety scanner --> RunDll32.exe "C\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT 
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE} 
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} 
Windows Live Toolbar --> "C\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} 
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} 
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} 
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26} 
Windows Media Format 11 runtime --> "C\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" 
Yahoo! Install Manager --> C\WINDOWS\system32\regsvr32 /u C\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL 
Yahoo! Toolbar --> C\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type130 / Success 
Event Submitted/Written 03/29/2008 034454 PM 
Event ID/Source 12001 / usnjsvc 
Event Description 
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type119 / Success 
Event Submitted/Written 03/26/2008 005600 PM 
Event ID/Source 12001 / usnjsvc 
Event Description 
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type114 / Success 
Event Submitted/Written 03/23/2008 062640 PM 
Event ID/Source 12001 / usnjsvc 
Event Description 
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type98 / Success 
Event Submitted/Written 03/22/2008 014613 PM 
Event ID/Source 12001 / usnjsvc 
Event Description 
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type91 / Error 
Event Submitted/Written 03/16/2008 053851 PM 
Event ID/Source 1000 / Application Error 
Event Description 
Faulting application firefox.exe, version 1.8.20080.20121, faulting module nss3.dll, version 3.11.5.0, fault address 0x000306df. 
Processing media-specific event for [firefox.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type10277 / Error 
Event Submitted/Written 03/26/2008 005441 PM 
Event ID/Source 1002 / Dhcp 
Event Description 
The IP address lease 192.168.1.33 for the Network Card with network address 000E3581FFA2 has been 
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type10255 / Error 
Event Submitted/Written 03/23/2008 062434 PM 
Event ID/Source 1002 / Dhcp 
Event Description 
The IP address lease 192.168.1.33 for the Network Card with network address 000E3581FFA2 has been 
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type10247 / Warning 
Event Submitted/Written 03/22/2008 035545 PM 
Event ID/Source 20 / Print 
Event Description 
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files- mdigraph.dll, mdiui.dll, mdiui.dll.

Event Record #/Type10246 / Warning 
Event Submitted/Written 03/22/2008 035544 PM 
Event ID/Source 3 / Print 
Event Description 
Printer Microsoft Office Document Image Writer was deleted.

Event Record #/Type10245 / Warning 
Event Submitted/Written 03/22/2008 035543 PM 
Event ID/Source 4 / Print 
Event Description 
Printer Microsoft Office Document Image Writer is pending deletion.

-- End of Deckard's System Scanner finished at 2008-03-29 164124 ------------

pc running slow

Vino Rosso - 29 March 2008 - 6:34pm

I suspect your problem is that there is more than one antivirus running. This will cause conflicts and slow down your system as each AV will fight for control.

DSS suggests BullGuard and AVG v8.0 are both running. You need to pick one that you wish to use then uninstall the other via Add/Remove programs in the Control Panel.

Once you've done this, please post a fresh HijackThis log.

slow pc

silver surfer - 30 March 2008 - 9:59am

Hi Vino Rosso, 
i have tried control panel but Bullguard is not in there is there another way i can get rid of it i want to keep AVG. 
regards 
Silver Surfer

slow pc

silver surfer - 30 March 2008 - 11:01am

Hi Vino Rosso, 
i have managed to get rid of most of the bullguard but thre is one file it will not allow me to delete it is(BACK UP SHELL HOOK.DLL) 
regards 
silver surfer.

pc running slow

Vino Rosso - 30 March 2008 - 1:07pm

Hi

OK, please post a fresh HJT log - make sure you use the 2.0.2 version (possibly shown as albert.exe on your Desktop)

pc slow

silver surfer - 30 March 2008 - 4:26pm

Hi Vino Rosso, 
here is the latest high jack log 
regards 
silver surfer 
Logfile of Trend Micro HijackThis v2.0.0 (BETA) 
Scan saved at 172513, on 30/03/2008 
Platform Windows XP SP2 (WinNT 5.01.2600) 
Boot mode Normal

Running processes 
C\WINDOWS\System32\smss.exe 
C\WINDOWS\system32\csrss.exe 
C\WINDOWS\SYSTEM32\winlogon.exe 
C\WINDOWS\system32\services.exe 
C\WINDOWS\system32\lsass.exe 
C\WINDOWS\system32\Ati2evxx.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\System32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\spoolsv.exe 
C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
C\Program Files\iolo\common\lib\ioloServiceManager.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\Explorer.EXE 
C\WINDOWS\tsnp2std.exe 
C\WINDOWS\vsnp2std.exe 
C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe 
C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
C\PROGRA~1\AVG\AVG8\avgtray.exe 
C\Program Files\iolo\Personal Firewall\ioloFW.exe 
C\WINDOWS\system32\ctfmon.exe 
C\Program Files\Skype\Phone\Skype.exe 
C\Program Files\Windows Live\Messenger\MsnMsgr.Exe 
C\PROGRA~1\AVG\AVG8\avgam.exe 
C\PROGRA~1\AVG\AVG8\avgrsx.exe 
C\PROGRA~1\AVG\AVG8\avgnsx.exe 
C\PROGRA~1\AVG\AVG8\avgemc.exe 
C\WINDOWS\system32\wuauclt.exe 
C\Program Files\Skype\Plugin Manager\skypePM.exe 
C\WINDOWS\System32\alg.exe 
C\Program Files\Mozilla Firefox\firefox.exe 
C\WINDOWS\system32\wbem\wmiprvse.exe 
C\Documents and Settings\albert\Desktop\HiJackThis_v2.exe

-- 
End of file - 8273 bytes

pc running slow

Vino Rosso - 1 April 2008 - 10:59pm

Hi

1 - Install HijackThis 
You are running an old version of HijackThis and from an unsafe location. An easy way to correct this is to do the following:

Delete the version you have on your Desktop 
Download a copy of HJTInstall.exe from <a href="http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe" class="bb-url">>here<</a> and save it to your Desktop.<ul class="bb-list" style="list-style-type:circle;"><li> Double click HJTinstall.exe to begin installation. </li>
<li> By default it will install to C:\Program Files\Trend Micro\HijackThis. </li>
<li> Click on Install, then I accept. A HijackThis icon will be created on the desktop and Hijackthis will launch.
Do NOT proceed unless you have completed the above </li>
<li> click Do a system scan only</li>
<li> Tick the following entries, if present:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html">http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html</a> 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\albert\LOCALS~1\Temp\{9206DE0F-FBD2-4796-995C-7DBBDB26FD38}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP:"/l0x0009" 
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYES </li>
<li> Close all windows except HijackThis</li>
<li> Click Fix Checked in HijackThis</li></ul>2 - Clean Up Temporary Files
Download CCleaner Slim from <a href="http://www.ccleaner.com/download/builds/downloading-slim" class="bb-url">>here<</a> and save it to your Desktop. 
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe 
Follow the prompts to install the program. 
Complete the installation then:<ul class="bb-list" style="list-style-type:circle;"><li> Make sure that ALL browser windows are closed</li>
<li> Double-click the CCleaner shortcut on the desktop to start the program.</li>
<li> Click on the Options block on the left, then choose Cookies.<ul class="bb-list" style="list-style-type:circle;"><li> Under Cookies to Delete, highlight any cookies you would like to retain permanently</li>
<li> Click the right arrow > to move them to the Cookies to Keep window.</li></ul></li><li> Go into Options > Advanced deselect/uncheck 'Only delete files in Windows Temp folders older than 48 hours'</li>
<li> Click Cleaner on the left then Run Cleaner on the right to run the program.</li>
<li> Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.</li>
<li> After CCleaner has completed its process, click Exit.</li> </ul>3 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed 
Please do an online scan with <a href="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html" class="bb-url">>Kaspersky Online Scanner<</a>. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. 
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%. 
<ul class="bb-list" style="list-style-type:circle;"><li> The program will launch and then start to download the latest definition files. </li>
<li> Once the scanner is installed and the definitions downloaded, click Next. </li>
<li> Now click on Scan Settings </li>
<li> In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database: 
+ Extended (If available otherwise Standard) 
o Scan Options: 
+ Scan Archives 
+ Scan Mail Bases </li>
<li> Click OK </li>
<li> Now under select a target to scan select My Computer </li>
<li> The scan will take a while so be patient and let it run. </li>
<li> Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected. </li>
<li> Click the Save Report As... button (see red arrow below)

<a href="http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif">http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif</a>

</li><li> In the Save as... prompt, select Desktop</li>
<li> In the File name box, name the file KasScan-ddmmyy (or similar)</li>
<li> In the Save as type prompt, select Text file (see below)

<a href="http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif">http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif</a>

</li><li> Copy and paste the report in your next post.</li></ul>Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled! 
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

3 - Check on status 
After you have completed the above, please reboot and provide:<ol class="bb-list" style="list-style-type:decimal;"><li> the Kaspersky Scan report</li><li> a new HijackThis log</li></ol></li>Thanks
Vino

Images removed by Audiodood 
Please read the AUP[/]</li>[/]</li>[/]</li>[/]</li>[/]

slow pc

silver surfer - 2 April 2008 - 6:01pm

Hi,here is the high jack log file ca not download kaspersky online scanner because i am using (Mozilla Firefox).have run cccleaner 
regards 
silver surfer 
Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 182846, on 02/04/2008 
Platform Windows XP SP2 (WinNT 5.01.2600) 
MSIE Internet Explorer v6.00 SP2 (6.00.2900.2180) 
Boot mode Normal

Running processes 
C\WINDOWS\System32\smss.exe 
C\WINDOWS\system32\csrss.exe 
C\WINDOWS\SYSTEM32\winlogon.exe 
C\WINDOWS\system32\services.exe 
C\WINDOWS\system32\lsass.exe 
C\WINDOWS\system32\Ati2evxx.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\System32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\spoolsv.exe 
C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
C\Program Files\iolo\common\lib\ioloServiceManager.exe 
C\WINDOWS\system32\svchost.exe 
C\PROGRA~1\AVG\AVG8\avgam.exe 
C\PROGRA~1\AVG\AVG8\avgrsx.exe 
C\PROGRA~1\AVG\AVG8\avgnsx.exe 
C\PROGRA~1\AVG\AVG8\avgemc.exe 
C\WINDOWS\System32\alg.exe 
C\WINDOWS\Explorer.EXE 
C\WINDOWS\tsnp2std.exe 
C\WINDOWS\vsnp2std.exe 
C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe 
C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
C\PROGRA~1\AVG\AVG8\avgtray.exe 
C\Program Files\iolo\Personal Firewall\ioloFW.exe 
C\WINDOWS\system32\ctfmon.exe 
C\Program Files\Skype\Phone\Skype.exe 
C\Program Files\Windows Live\Messenger\MsnMsgr.Exe 
C\Program Files\Skype\Plugin Manager\skypePM.exe 
C\Program Files\Windows Live\Messenger\usnsvc.exe 
C\Program Files\Trend Micro\HijackThis\HijackThis.exe 
C\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http//www.yahoo.com/ 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http//windowsupdate.microsoft.com/ 
R3 - URLSearchHook Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C\Program Files\AVG\AVG8\avgssie.dll 
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O2 - BHO Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O3 - Toolbar Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - HKLM\..\Run [EPSON Stylus DX4000 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" 
O4 - HKLM\..\Run [tsnp2std] C\WINDOWS\tsnp2std.exe 
O4 - HKLM\..\Run [snp2std] C\WINDOWS\vsnp2std.exe 
O4 - HKLM\..\Run [SMSystemAnalyzer] "C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" 
O4 - HKLM\..\Run [EPSON Stylus Photo R200 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" 
O4 - HKLM\..\Run [Microsoft Works Update Detection] C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
O4 - HKLM\..\Run [AVG8_TRAY] C\PROGRA~1\AVG\AVG8\avgtray.exe 
O4 - HKLM\..\Run [iolo Personal Firewall] "C\Program Files\iolo\Personal Firewall\ioloFW.exe" 
O4 - HKCU\..\Run [CTFMON.EXE] C\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run [Skype] "C\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
O4 - HKCU\..\Run [msnmsgr] "C\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
O4 - HKUS\S-1-5-19\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
O4 - HKUS\S-1-5-20\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
O4 - HKUS\S-1-5-18\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item &Windows Live Search - res//C\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item Add to Windows &Live Favorites - http//favorites.live.com/quickadd.aspx 
O8 - Extra context menu item E&xport to Microsoft Excel - res//C\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item Open in new background tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?923dc63cc0414e5192b192883313b3a3 
O8 - Extra context menu item Open in new foreground tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?923dc63cc0414e5192b192883313b3a3 
O9 - Extra button Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra 'Tools' menuitem Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O16 - DPF {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http//cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab 
O16 - DPF {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http//www.crucial.com/controls/cpcScanner.cab 
O18 - Protocol linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C\Program Files\AVG\AVG8\avgpp.dll 
O18 - Protocol skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 
O20 - AppInit_DLLs avgrsstx.dll 
O23 - Service Ati HotKey Poller - Unknown owner - C\WINDOWS\system32\Ati2evxx.exe 
O23 - Service AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgemc.exe 
O23 - Service AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
O23 - Service iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe 
O23 - Service iolo System Service (ioloSystemService) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe

-- 
End of file - 7401 bytes

Re: slow pc

Vino Rosso - 2 April 2008 - 7:36pm

<div class="bb-quote">silver surfer wrote:<blockquote class="bb-quote-body">Hi,here is the high jack log file ca not download kaspersky online scanner because i am using (Mozilla Firefox).</blockquote></div> 
You may not use IE but it's still on your computer... isn't it?

slow pc

silver surfer - 6 April 2008 - 10:17am

God morning Vino, 
Here are the logs you require(high jack this/kaspersky online scanner) 
regards 
Silver Surfer

Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 111355, on 06/04/2008 
Platform Windows XP SP2 (WinNT 5.01.2600) 
MSIE Internet Explorer v6.00 SP2 (6.00.2900.2180) 
Boot mode Normal

Running processes 
C\WINDOWS\System32\smss.exe 
C\WINDOWS\system32\csrss.exe 
C\WINDOWS\SYSTEM32\winlogon.exe 
C\WINDOWS\system32\services.exe 
C\WINDOWS\system32\lsass.exe 
C\WINDOWS\system32\Ati2evxx.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\System32\svchost.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\system32\spoolsv.exe 
C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
C\Program Files\iolo\common\lib\ioloServiceManager.exe 
C\WINDOWS\system32\svchost.exe 
C\WINDOWS\Explorer.EXE 
C\WINDOWS\tsnp2std.exe 
C\WINDOWS\vsnp2std.exe 
C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe 
C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
C\PROGRA~1\AVG\AVG8\avgtray.exe 
C\Program Files\iolo\Personal Firewall\ioloFW.exe 
C\WINDOWS\system32\ctfmon.exe 
C\Program Files\Skype\Phone\Skype.exe 
C\Program Files\Windows Live\Messenger\MsnMsgr.Exe 
C\PROGRA~1\AVG\AVG8\avgam.exe 
C\PROGRA~1\AVG\AVG8\avgrsx.exe 
C\PROGRA~1\AVG\AVG8\avgemc.exe 
C\WINDOWS\System32\alg.exe 
C\Program Files\Skype\Plugin Manager\skypePM.exe 
C\Program Files\Windows Live\Messenger\usnsvc.exe 
C\Program Files\Mozilla Firefox\firefox.exe 
C\PROGRA~1\AVG\AVG8\avgnsx.exe 
C\WINDOWS\system32\wuauclt.exe 
C\WINDOWS\system32\wbem\wmiprvse.exe 
C\Program Files\iolo\System Mechanic 7\SMTrayNotify.exe 
C\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http//www.yahoo.com/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http//windowsupdate.microsoft.com/ 
R3 - URLSearchHook Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C\Program Files\AVG\AVG8\avgssie.dll 
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O2 - BHO Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL 
O3 - Toolbar Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - HKLM\..\Run [EPSON Stylus DX4000 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" 
O4 - HKLM\..\Run [tsnp2std] C\WINDOWS\tsnp2std.exe 
O4 - HKLM\..\Run [snp2std] C\WINDOWS\vsnp2std.exe 
O4 - HKLM\..\Run [SMSystemAnalyzer] "C\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" 
O4 - HKLM\..\Run [EPSON Stylus Photo R200 Series] C\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" 
O4 - HKLM\..\Run [Microsoft Works Update Detection] C\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe 
O4 - HKLM\..\Run [AVG8_TRAY] C\PROGRA~1\AVG\AVG8\avgtray.exe 
O4 - HKLM\..\Run [iolo Personal Firewall] "C\Program Files\iolo\Personal Firewall\ioloFW.exe" 
O4 - HKCU\..\Run [CTFMON.EXE] C\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run [Skype] "C\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
O4 - HKCU\..\Run [msnmsgr] "C\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
O4 - HKUS\S-1-5-19\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
O4 - HKUS\S-1-5-20\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
O4 - HKUS\S-1-5-18\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run [CTFMON.EXE] C\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item &Windows Live Search - res//C\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item Add to Windows &Live Favorites - http//favorites.live.com/quickadd.aspx 
O8 - Extra context menu item E&xport to Microsoft Excel - res//C\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item Open in new background tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?923dc63cc0414e5192b192883313b3a3 
O8 - Extra context menu item Open in new foreground tab - res//C\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?923dc63cc0414e5192b192883313b3a3 
O9 - Extra button Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra 'Tools' menuitem Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C\Program Files\Microsoft ActiveSync\inetrepl.dll 
O9 - Extra button Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C\Program Files\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O10 - Unknown file in Winsock LSP c\program files\iolo\common\firewall\ifw_xfilter.dll 
O16 - DPF {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http//www.kaspersky.com/kos/english/kavwebscan_unicode.cab 
O16 - DPF {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http//cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab 
O16 - DPF {A90A5822-F108-45AD-8482-9BC8B12DD539} - http//www.crucial.com/controls/cpcScanner.cab 
O18 - Protocol linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C\Program Files\AVG\AVG8\avgpp.dll 
O18 - Protocol skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 
O20 - AppInit_DLLs avgrsstx.dll 
O23 - Service Ati HotKey Poller - Unknown owner - C\WINDOWS\system32\Ati2evxx.exe 
O23 - Service AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgemc.exe 
O23 - Service AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
O23 - Service iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe 
O23 - Service iolo System Service (ioloSystemService) - Unknown owner - C\Program Files\iolo\common\lib\ioloServiceManager.exe

-- 
End of file - 7747 bytes 
------------------------------------------------------------------------------ 
KASPERSKY ONLINE SCANNER REPORT 
Saturday, April 05, 2008 55610 PM 
Operating System Microsoft Windows XP Professional, Service Pack 2 (Build 2600) 
Kaspersky Online Scanner version 5.0.98.0 
Kaspersky Anti-Virus database last update 5/04/2008 
Kaspersky Anti-Virus database records 683803 
-------------------------------------------------------------------------------

Scan Settings 
Scan using the following antivirus database extended 
Scan Archives true 
Scan Mail Bases true

Scan Target - My Computer 
C\ 
D\ 
E\

Scan Statistics 
Total number of scanned objects 36345 
Number of viruses found 2 
Number of infected objects 4 
Number of suspicious objects 0 
Duration of the scan process 013317

Infected Object Name / Virus Name / Last Action 
C\Documents and Settings\albert\Application Data\iolo\SystemAnalyzer.log Object is locked skipped 
C\Documents and Settings\albert\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\cert8.db Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\history.dat Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\key3.db Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\parent.lock Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\search.sqlite Object is locked skipped 
C\Documents and Settings\albert\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\urlclassifier2.sqlite Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\call256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\callmember256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\chat512.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\chatmember256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\chatmsg256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\chatmsg512.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\contactgroup256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\dyncontent\bundle.dat Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\index2.dat Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\profile256.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\user1024.dbb Object is locked skipped 
C\Documents and Settings\albert\Application Data\Skype\albert8926\voicemail256.dbb Object is locked skipped 
C\Documents and Settings\albert\Cookies\index.dat Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\pending.dat Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\Working\database_A88_C62_880C_4F1F\dfsr.db Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\Working\database_A88_C62_880C_4F1F\fsr.log Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\Working\database_A88_C62_880C_4F1F\fsrtmp.log Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Messenger\aeking200@btinternet.com\SharingMetadata\Working\database_A88_C62_880C_4F1F\tmp.edb Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Windows Live Contacts\aeking200@btinternet.com\real\members.stg Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Microsoft\Windows Live Contacts\aeking200@btinternet.com\shadow\members.stg Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\Cache\_CACHE_001_ Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\Cache\_CACHE_002_ Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\Cache\_CACHE_003_ Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbtag2lc.default\Cache\_CACHE_MAP_ Object is locked skipped 
C\Documents and Settings\albert\Local Settings\History\History.IE5\index.dat Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\fb_2028.lck Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\~DF1F42.tmp Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\~DF1F6A.tmp Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\~DF60C5.tmp Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\~DF6109.tmp Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temp\~DFC9EA.tmp Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped 
C\Documents and Settings\albert\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped 
C\Documents and Settings\albert\NTUSER.DAT Object is locked skipped 
C\Documents and Settings\albert\ntuser.dat.LOG Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\avg8\scanlogs\I_00000012.log Object is locked skipped 
C\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped 
C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped 
C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped 
C\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped 
C\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 
C\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 
C\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped 
C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped 
C\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped 
C\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped 
C\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 
C\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 
C\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped 
C\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped 
C\Program Files\MSN Messenger\msimg32.dll Infected not-a-virusAdTool.Win32.MyWebSearch.au skipped 
C\Program Files\MSN Messenger\riched20.dll Infected not-a-virusAdTool.Win32.MyWebSearch skipped 
C\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped 
C\System Volume Information\_restore{C29E4E57-B189-4CE9-BC33-A3CC607FB0D1}\RP182\A0010155.scr Infected not-a-virusAdTool.Win32.MyWebSearch skipped 
C\System Volume Information\_restore{C29E4E57-B189-4CE9-BC33-A3CC607FB0D1}\RP182\A0010156.dll Infected not-a-virusAdTool.Win32.MyWebSearch.au skipped 
C\System Volume Information\_restore{C29E4E57-B189-4CE9-BC33-A3CC607FB0D1}\RP234\change.log Object is locked skipped 
C\WINDOWS\Debug\PASSWD.LOG Object is locked skipped 
C\WINDOWS\SchedLgU.Txt Object is locked skipped 
C\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped 
C\WINDOWS\Sti_Trace.log Object is locked skipped 
C\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped 
C\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped 
C\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped 
C\WINDOWS\system32\config\default Object is locked skipped 
C\WINDOWS\system32\config\default.LOG Object is locked skipped 
C\WINDOWS\system32\config\SAM Object is locked skipped 
C\WINDOWS\system32\config\SAM.LOG Object is locked skipped 
C\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped 
C\WINDOWS\system32\config\SECURITY Object is locked skipped 
C\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped 
C\WINDOWS\system32\config\software Object is locked skipped 
C\WINDOWS\system32\config\software.LOG Object is locked skipped 
C\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped 
C\WINDOWS\system32\config\system Object is locked skipped 
C\WINDOWS\system32\config\system.LOG Object is locked skipped 
C\WINDOWS\system32\h323log.txt Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped 
C\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped 
C\WINDOWS\Temp\95757ed6-2331-4d46-b0ad-778da0549d08.tmp Object is locked skipped 
C\WINDOWS\Temp\fb_424.lck Object is locked skipped 
C\WINDOWS\wiadebug.log Object is locked skipped 
C\WINDOWS\wiaservc.log Object is locked skipped 
C\WINDOWS\WindowsUpdate.log Object is locked skipped 
D\System Volume Information\_restore{C29E4E57-B189-4CE9-BC33-A3CC607FB0D1}\RP234\change.log Object is locked skipped

Scan process completed.

pc running slow

Vino Rosso - 6 April 2008 - 11:19am

Hi

1 - Delete suspect files 
Using Windows Explorer, browse for the following files/folders and delete as instructed

If you cannot see these files, you may have to reveal hidden files as follows: 
In Windows Explorer, select Tools > Folder Options > View 
Set 'Hidden files and folders' to Show hidden files and folders 
Untick Hide extensions for known file types. 
Untick Hide protected operating system files. 
OK

C:\Program Files\MSN Messenger\msimg32.dll <=== Delete this file 
C:\Program Files\MSN Messenger\riched20.dll <=== Delete this file

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Your log seems clean so if your system is still running slowly, it could be left over antivirus entries or something like System Mechanic slowing things down. Please run DSS again as follows:<ul class="bb-list" style="list-style-type:circle;"><li> Click Start > Run type "%userprofile%\desktop\dss.exe" /config click OK</li>
<li> This will bring up a pop up box<ul class="bb-list" style="list-style-type:circle;"><li> Check Main log</li>
<li> Check Extra log<ul class="bb-list" style="list-style-type:circle;"><li> check the 5 boxes beneath it</li></ul></li></ul></li><li> Hit the Scan button</li>
<li> When the scan finishes, please post both logs - the Extra.txt file will be minimised in Taskbar at the bottom of your screen</li></ul></li>Thanks
Vino[/]</li>[/]</li>[/]

slow pc

silver surfer - 6 April 2008 - 7:03pm

Hi Vino, 
sorry to be a pest i did