Slow computer

[Sparx]

I'm just posting to see if anyone has an suggestions, lately I have had a problem with my comp where it goes really slow, I play online games such as CS:Source and my comp struggles to run it at a normal frame rate. If i roll the computer back using system restore to a few days ago the computer is fine. But then when i turn the computer off and come back later the computer goes back to struggling.

 

I've done that a couple of times to try and diagnose the problem myself and nothing seems to be working and after the restore I'm making sure nothing is getting downloaded or installed so that can't be the problem.

 

Any suggestions.

 

Thanks in advance,

 

Sparxy

 

Oh and I'm using windows XP home edition.

[RandyL]

Hi Sparx;

The usual causes are infections and startup items. Have you checked your system for malware? If so what programs did you use?

[Sparx]

I have yeah, I used my usual Bullguard v8.0 which scans for viruses and spyware and is also my firewall. Its usually pretty good an lets nothing through which can be a pain sometimes but better be safe than sorry :p.

[RandyL]

Hi Sparx;

If you think it might be an online gaming issue uninstall the games and see how it runs. That might point you in the right direction.

 

Maybe it's just me but I'm not familiar with Bullguard. So to me it's suspect as to it's worth. Or maybe it's just a British program or one bundled with a broadband service. Either way I would perform some additional steps to check for malware.

 

Malware is the term used to describe computer infections such as Adware, Spyware, Viruses, and Trojan Horses.

You will need to run two malware scanners that are listed in the following instructions.

The time it takes will vary depending on your system and your internet connection, but typically the SuperAntiSpyware scan will take between 30 and 90 minutes, and the Eset online scan will take between 1 and 3 hours.

In most cases, those scans will suffice to disinfect your computer.

 

For best results print the following instructions.

To keep this guide printer-friendly, use your cursor to highlight the contents of below.

From your browser select the "print selection" option to print out these instructions for removal of malware. Follow these instructions carefully.

 

1: Download ATF Cleaner from http://www.snapfiles.com/download/dlatfcleaner.html to remove "junk" files from your computer that contain malware.

When you run ATF Cleaner, uncheck "Cookies" and "Recycle Bin", then click "Empty Selected". For FireFox, be sure to click on the FireFox tab and uncheck "Cookies" and "Recycle Bin" before clicking on "Empty Selected".

 

 

2: Install and run the free version (not the Professional version) of SuperAntiSpyware from http://www.superantispyware.com

Accept any prompts to allow SuperAntiSpyware to install the latest infection definition files.

DO NOT allow SuperAntiSpyware to protect your Home Page settings.

Double click the yellow "bug"icon in the system tray.

Click on "Scan Your Computer".

Make sure there is a dot on C:\Fixed Drive.

Click "Perform a Complete Scan". Click "Next" and reboot the computer when prompted to do so.

 

 

3: Disable your internet security by right clicking on its icon (usually located in the system tray next to the time display) and choosing "Exit", "Disable", or "Shut Down".

 

4: Run an online scan with Eset from http://www.eset.com/onlinescan/

You must use Internet Explorer for this online scan.

Accept the terms and click "Start".

Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".

Click "Start" to begin the scan.

 

5: Restart your computer, make sure your internet security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating.

At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list.

[Sparx]

Right, I did the spyware thing and that found some trojans and other malware which my bullguard didn't and then restarted. Then i did the eset scan and restarted again and I'm still suffering from major slowdown. Its not just the games as even scrolling through the "Programs" list in windows is lagging.

 

Any other suggestions?

 

Sparx

[Guest Wolfeymole]

Download the HijackThis installer from http://www.trendsecure.com/portal/en-US

Run the program and click Scan Only. Don't make any changes. Copy and paste that log here.

[Sparx]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:34:31, on 24/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Lexmark 4300 Series\lxcemon.exe

C:\Program Files\Lexmark 4300 Series\ezprint.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Razer\Copperhead\razerhid.exe

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Razer\Lachesis\OSD.exe

C:\WINDOWS\system32\lxcecoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Copperhead\razerofa.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: MagicTune3.5.lnk = ?

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131112010610

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookwormadventures/sis/popcaploader_v10_en.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F2B7E66-5004-46D1-B9FA-D5886934ED02}: NameServer = 212.74.112.66,212.74.112.67

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

 

Thats the log that came from the scan!

[Seth]

Way too many needless startup items there Sparx.

 

Goto Start>Run, type in msconfig and press ok. Put a dot on Selective Startup and click on the startup tab. Scroll through the list and uncheck everything except for your internet security and jusched. Click apply then ok. At restart put a check in "Don't show me this again" when a message appears telling you used the startup utility.

[Sparx]

Just thought i'd give you an update, I didnt get round to doing the startup thing and my computer got faster and solved itself :o). So I don't know why it was acting random but its good to have got the malware off of my computer anyways. Thanks for the help all.

[Bluesplayer.]

Hi Im not a Hjt log expert..but your log shows unused and an infected BHO.

O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

Check. http://www.spywareinfo.com/articles/bho/

If you d/load BHO Demon it will show you what BHOs are installed.

Any that you think are infected can be remove with your Hjt log.

A backup will be made in your Hjt program.

 

Edit.

Definitive Solutions link at Spywareinfo no longer active.

Check.

http://www.spywareinfo.com/downloads/bhod/

[RandyL]

The site that Bluesplayer linked to is trustworthy. "SpywareInfo"

I also have concerns about the BHO items your log shows.

 

Even so called "clean" startup items or BHO's can cause issues such as slowdowns.

A reinfection can also occur if the original programs are not removed prior to a cleaning.

 

I would ask; Did you run both scans and remove EVERYTHING they found?

 

This might be a good time to examine your installed programs and remove any that were free and fun that you didn't research first. Malware can reinstall from such.

 

Depending on what malware the scans found additional steps may be needed.

 

Thanks for posting bluesplayer. You made a good point that should be considered.

Reinfections can happen if the original bundled programs are not removed first.

BHO's can be a prime example.

 

RandyL

[Guest Wolfeymole]

Cheers Barry, thanks mate.

[Seth]

The BHO is a "no file" meaning that the registry entry doesn't have a target.

 

This is normally due to the malware already being removed, but the scanner(s) leave behind the benign registry entry.

 

Typically, those won't cause any issue, but you can remove them if you want.

[AdvancedSetup]

For the BHO the "no file" removal is okay but be careful with drivers and other entries as the scanners often can not properly detect and say there is no file but if you physically browse to the file it is there and removing a device driver can have adverse affects on your computer to the point of even preventing it from starting up.

[RandyL]

Thanks AS and seth for explaining.

What do you think of SweetIM? This is part of their EULA.

 

"In order to receive the benefits provided by the SweetIM Software, you hereby grant permission for the SweetIM Software to (i) utilize the processor and bandwidth of your computer (ii) use certain personal information that you have submitted to your instant messenger provider. You understand that the SweetIM Software will protect the privacy and integrity of your computer resources and communication and ensure the unobtrusive utilization of your computer resources to the greatest extent possible. The Software is exposed to various security issues, and should be regarded as unsecure. By accepting this Agreement, you acknowledge and accept that the Software, and any information you download or offer to share by means of the Software, may be exposed to unauthorized access, interception, corruption, damage or misuse, and should be regarded as insecure. You accept all responsibility for such security risks and any damage resulting therefrom. "

[AdvancedSetup]

Well for me I have no interest or desire to use such software. Not my exact words but similar thoughts are posted here.

 

Those damn "smileys" are so EVIL

 

There is also a PDF file on their site about these type of software packages.

Suckerware_-_Cost_of_a_Free_Smiley_v3.pdf

 

Clicking the above link should open Acrobat Reader with the document

Suckerware_-_Cost_of_a_Free_Smiley_v3.pdf

 

If link does not function then you can look in the Reading Room on their home page at

ishackingyou Website

Then under "IsHackingYou_Publications"

[Seth]

For the BHO the "no file" removal is okay but be careful with drivers and other entries as the scanners often can not properly detect and say there is no file but if you physically browse to the file it is there and removing a device driver can have adverse affects on your computer to the point of even preventing it from starting up.

Good point AS.

 

Yet another reason I don't bother with no file BHO's.

[Seth]

Have a look at this Randy. The scanners mentioned are outdated, but the info on HT is still relevant:

 

http://www.populartechnology.net/2005/02/overuse-of-hijackthis.html

 

From the link:

 

HijackThis is tool glorified by wannabe sutto-intellectuals who want to make themselves feel important. People can get 99% of the way there in almost all case running simple scans in safe mode. I do this for a living and yes occasionally I do use Hijackthis. Almost every time, the system is already clean and the tool is useless.

 

 

 

 

I agree. I only use the tool to see what's running and not for any malware issues.

[AdvancedSetup]

There is also this product for scanning systems.

 

RunScanner is a freeware windows system utility which scans your system for all running programs, autostart locations, drivers, services and hijack points.

You can use Runscanner to detect changes and misconfigurations in your system caused by spyware, virusses or human errors.

click here for the Runscanner Home Page

[RandyL]

This might be a good time to examine your installed programs and remove any that were free and fun that you didn't research first. Malware can reinstall from such.

RandyL

When I see programs like IMSweet in the log I get suspicious. I have seen adware and spyware reinstall with some programs like bearshare if the original program wasn't removed first.

 

I understand the dead entries and agree that good cleaners should remove the crap. I still think that programs should be carefully looked at. Probably not an issue in this case.

 

Thanks for the insight and taking the time. I appreciate it. When you write I read.

[RandyL]

I'm still waiting for opinions on problematic programs that still exist that might cause future issues based on the HJT log. Read ALL of my posts number 11, 15 and 20. Not just parts of them.

 

In my opinion the BHO IMSweet is not likely to reinfest by itself but is a security risk and possible malware based on the EULA.

 

As such I do not consider the system clean or fully protected as long as this running program as viewed on the HJT log is active.

 

Granted with proper security measures in place the risk is less but the end user still agreed to have his processor USED. And will everyone who reads this thread know to consider these issues unless we mention them?

 

I hate cleaning a machine twice. That's why I remove such items and give a lecture on them when I return it. And other items like it.

 

Malware free? It appears so.

Problem free? Maybe not.

Programs are still an issue.

 

Look carefully at my posts in this thread. I was not referring to just one thing.

RandyL

[AdvancedSetup]

I'll try to take a look at them in the morning Randy

 

It's now 03:35 and I need to get to bed and get some sleep before work.

[Guest Wolfeymole]

You'll try?

 

Try not to make your reply too technical for us will you Ron, after all we are but mere mortals trying to climb the tree of intellectual success, but finding that moss is growing. :D :D

[Seth]

I don't understand the problem Randy.

 

Three scanners have been run, Sparx says all is well now, and the log is clean.

 

HijackThis, is just showing a benign registry entry for IE. After a disinfection, there our dozens of these leftover in the rest of the registry that HT doesn't even show. Any malware program that is in Add/Remove programs, will have had their executables deleted. As such, they are of no threat.

[Guest Wolfeymole]

I didnt get round to doing the startup thing and my computer got faster and solved itself.

Just like that.