-1

I have a HP Pavilion dv8000 laptop that is about 3+ years old. It has been great until recently. I don't know what I got into but I know I'm infected. For about a month now my computer is super slow, not just on the internet. My screensaver freezes up, its slow going from one program to another in the taskbar, the CD drive is slow, when I type the cursor will jump back to previous sections of my message, even when I click on "My Computer" it takes about 5 secs searching for it. I'm hitting ctrl,alt,del all the time to end programs that are not responding. I've ran a anti-Malware scan and AVG virus scan and not found anything.

I'm definitely a novice at this and would appreciate any suggestions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:43 PM, on 09/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files 2\HijackThis.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797693812
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11003 bytes

8
Contributors
39
Replies
40
Views
8 Years
Discussion Span
Last Post by BrianDSy
Featured Replies
  • Dan, Among other things, it's obvious you have a system with the Microsoft Development tools (Visual Studio?) installed, and you have Microsoft SQL server running at startup on your system. If you have that setup to broadcast it's presence, you may be easy pickings for hackers. I'm not sure that … Read More

  • [QUOTE=mdk2k4;1001901]I thought the Thread title says, Infected computer Please Help....huhhh[/QUOTE] Did you see anything in the HJT or MBAM logs that warrants running Combofix? I once had a poster tell me that a virus had turned his cursor into a dinosaur......LOL! Can't always take things at face value :) I … Read More

  • [QUOTE]What is your opinion of downloading a Registry Mechanic?[/QUOTE] Not a good idea. Registry "cleaners/fixers" very often bring on a lot more trouble than you are all ready having. Leave it alone. For the Norton program, first go to Task Manager and look for this running; LiveUpdate\ALUSchedulerSvc.exe If you see … Read More

  • [QUOTE=dand122;1002679]I was able to delete most the Norton and Symantec stuff. I wasn't able to delete a Aluschedulersvc.exe file.[/QUOTE] Try it this way first. Go to Start, Control Panel, Administrative Tools, Services. When Services opens scroll through the list until you see these files; [B]Automatic LiveUpdate Scheduler - Symantec Corporation … Read More

  • Now for your unneeded auto starting programs; All of these programs auto start when the computer starts and then generally run all the time in the back ground. None of them are needed for the smooth running of the computer. Some are totally unnecessary and some are considered "Users Choice", … Read More

1

Dan,
Among other things, it's obvious you have a system with the Microsoft Development tools (Visual Studio?) installed, and you have Microsoft SQL server running at startup on your system. If you have that setup to broadcast it's presence, you may be easy pickings for hackers. I'm not sure that is the problem.

A quick visual scan of your hijack this log leads me to believe that you have both AVG and Norton Antivirus installed; You don't say how much memory you have, and you have a couple of BHO's that need to be investigated, but there are additional apps to review.
you have Quicktime and Adobe loading their quick launch apps at startup, that's a minor but noticeable performance hit. You have Microsoft Word running at the time you ran HijackThis, if it's running all the time that will add to the load.
You have a lot of the Google software, my own experience with a p4 that ran at 2.4ghz was that when the Google Desktop search got to be a certain size, I saw real performance issues. Your laptop is a 1.7ghz dual core right? It will get bogged down if there are too many programs loading at startup.
The bluetooth mouse driver that you have (Logitech) is described by at least one person as a poorly behaved app that can take up CPU resources.
You have multiple browser Add-Ons (the BHO entries) that will add a lot to MSIE's workload. I think that you probably have the Google search in that as well as in the Google toolbar. You should cut back on the add-ons.
Summary:
Try disabling the Bluetooth mouse application first. Then Google desktop search. Unless you use Adobe and Quicktime on an hourly basis you should disable the 'load at startup' option on each of those. After that, if you have the Microsoft Live search toolbar in your browser, you should go into the Manage Browser Add-ons and disable two of the three toolbars. While your doing that, disable the Safe Eyes add-on as well and look at the list of active add-ons for anything dodgy (like entries without a name). Restart the computer and check how it's performing. Let us know if that improves things

0

I wanted to also post the Malware scan that I did last night. I don't know if it will be helpful or not.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

09/30/2009 8:55:35 AM
mbam-log-2009-09-30 (08-55-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 225348
Time elapsed: 1 hour(s), 27 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Brian,

I appreciate your time and suggestions. I do have a dual core 2.0GHz.

Please excuse my ignorance but I'm not sure how to execute your suggestions. The Norton is outdated so I can get rid of that as well as the blue tooth mouse. How do I uninstall them?
How do I change my start-up options?

What is a BHO?

What about the cursor moving and jumping around while I type?

0

Combofix is great for malware and spyware, it doesn't necessarily fix problems with software that has conflicts with other programs.
Dan,
to answer your question about how to remove programs; Click Start, then Control Panel, then Add/Remove Programs. The window will appear with all the programs installed on your computer. Scroll down till you find the Bluetooth Mouse. It will probably be listed under the name of the company that made it. Remove that and reboot the machine if you need to. Then do the same thing for Norton. After you remove the bluetooth mouse, I bet your cursor will stop jumping around. I'll add the bit about removing Browser Helper Objects (BHO's) when I get home to my PC (I use a Mac).

0

Combofix is great for malware and spyware, it doesn't necessarily fix problems with software that has conflicts with other programs.
Dan,
to answer your question about how to remove programs; Click Start, then Control Panel, then Add/Remove Programs. The window will appear with all the programs installed on your computer. Scroll down till you find the Bluetooth Mouse. It will probably be listed under the name of the company that made it. Remove that and reboot the machine if you need to. Then do the same thing for Norton. After you remove the bluetooth mouse, I bet your cursor will stop jumping around. I'll add the bit about removing Browser Helper Objects (BHO's) when I get home to my PC (I use a Mac).

I don't see the bluetooth mouse program. I stopped using that mouse months ago and think I already uninstalled it. I don't see Norton listed either. I have a few other programs that I've tried to remove in Add/Remove Programs that say it can't find the file.

What is your opinion of downloading a Registry Mechanic?

1

I thought the Thread title says, Infected computer Please Help....huhhh

Did you see anything in the HJT or MBAM logs that warrants running Combofix?

I once had a poster tell me that a virus had turned his cursor into a dinosaur......LOL! Can't always take things at face value :)

I think Brian is on point here.

Cheers :)
PP

0

I also had a virus turn into Mickey Mouse once, and mbam is becoming a headache, whit that IP protection, every website’s IP are suspicious, and Hijack never work for me, at least combofix had fix me a lot of pc's.

1

What is your opinion of downloading a Registry Mechanic?

Not a good idea. Registry "cleaners/fixers" very often bring on a lot more trouble than you are all ready having. Leave it alone.

For the Norton program, first go to Task Manager and look for this running;
LiveUpdate\ALUSchedulerSvc.exe
If you see it, End the Process.
Then go to Add/Remove and look for Symantec. IF you find it in there Uninstall it. That appears to be the only Symantec/Norton process still running.

Then go to Start, Search, and look for Norton, delete anything found. Then do the same for Symantec.

You have a lot of programs running unnecessarily at start and therefore running all the time. This would slow the computer considerably. Also, AVG can really be a drag on resources as it has so many needless processes. You might consider a different anti-virus program, Avira or Avast are a couple of really good free ones. Highly recommended.
Try going OFFLINE and run the computer without the AVG running and see if it makes a difference. If it does then change your anti-virus program.
We can certainly help you pare down some of those needless auto starts if you wish.

Edited by jholland1964: n/a

0

I thought the Thread title says, Infected computer Please Help....huhhh

It says "Infected" because that was my assumption. When your computer starts freezing up, programs crashing, the cursor getting jumping what else are you supposed to think? I'm not an IT guy, just a computer user.

If its not infected what is the problem?

0

It says "Infected" because that was my assumption. When your computer starts freezing up, programs crashing, the cursor getting jumping what else are you supposed to think? I'm not an IT guy, just a computer user.

If its not infected what is the problem?

Don't worry about that guy, just continue with the instructions given to remove those Norton remainders. Then run a new HJT scan and post that log, I'll go through those start ups and tell you what they are and how to stop them.
Judy

Edited by jholland1964: n/a

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:27 PM, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files 2\HijackThis.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797693812
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9695 bytes

Is there any way to cut and paste the list of my "processes" from Task Manager? I have about 56 running when nothing is open.

0

Not a good idea. Registry "cleaners/fixers" very often bring on a lot more trouble than you are all ready having. Leave it alone.

For the Norton program, first go to Task Manager and look for this running;
LiveUpdate\ALUSchedulerSvc.exe
If you see it, End the Process.
Then go to Add/Remove and look for Symantec. IF you find it in there Uninstall it. That appears to be the only Symantec/Norton process still running.

Then go to Start, Search, and look for Norton, delete anything found. Then do the same for Symantec.

You have a lot of programs running unnecessarily at start and therefore running all the time. This would slow the computer considerably. Also, AVG can really be a drag on resources as it has so many needless processes. You might consider a different anti-virus program, Avira or Avast are a couple of really good free ones. Highly recommended.
Try going OFFLINE and run the computer without the AVG running and see if it makes a difference. If it does then change your anti-virus program.
We can certainly help you pare down some of those needless auto starts if you wish.

I was able to delete most the Norton and Symantec stuff. I wasn't able to delete a Aluschedulersvc.exe file.

1

I was able to delete most the Norton and Symantec stuff. I wasn't able to delete a Aluschedulersvc.exe file.

Try it this way first.
Go to Start, Control Panel, Administrative Tools, Services.
When Services opens scroll through the list until you see these files;
Automatic LiveUpdate Scheduler - Symantec Corporation
LiveUpdate - Symantec Corporation. When you do double click it to bring up it's properties. First Click the Stop Button to stop the Service.
Once the service stops then click the Start Up type button and change it to Disabled.
Ok your way all the way out.
When go to C:\Program Files\Symantec\ and delete the Symantec Folder.

Next, run HiJackThis again and put check marks next to the following entries:
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - Startup: PowerReg SchedulerV2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Once you have placed the check marks then click the Fix Checked button. Exit HJT.
I will look through your auto starts and post back here with a list of those which are not required to auto start and can be run manually and instructions on how to turn these off.

Edited by jholland1964: n/a

2

Now for your unneeded auto starting programs; All of these programs auto start when the computer starts and then generally run all the time in the back ground. None of them are needed for the smooth running of the computer. Some are totally unnecessary and some are considered "Users Choice", that is, if you want them to run all the time go ahead but they are not needed. The User Choice ones I will mark with a * so you decide. The others absolutely are not required.
To easily disable these auto starts you can use one of these programs, Mike Lin's StartUp Control Panel which, after download and install can be found in the Control Panel with a little computer icon labeled Start Ups or CodeStuff Starter. The CodeStuff program you can save anywhere you can easily find it. CodeStuff is a bit more of an "in depth" program than Mike Lin's as you can also turn off Services and also has a detailed Process manager, somewhat like the Task Manager. It just is more detailed. You can install either or both of these programs. I have them both so either are fine. Both are FREE. Mike Lin's just enables you to stop auto starting programs.
Either way, once downloaded then open which ever program you have chosen. When Mike Lin's opens you will see six tabs. Go through each tab and remove the check mark from the program you want to Stop from auto start. Once you have done that close the program and reboot.
On CodeStuff you click the Start Ups tab and go through the various listings there, removing check marks from any you want to disable at start up. Once complete then Exit the program With either program once you have done all that then reboot the computer.
Here is the list along with a description of each program:
*ATIPTA>>>>Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
*LSBWatcher>>>HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting.
eabconfg.cpl>>>Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Cpqset>>>Default settings software in Hewlett Packard notebook
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
**ICF-Safe Eyes>>>Internet Content Filter. Tool that allow parents to choose appropriate content for their children. (this one is truly up to you. You would have had to install it for it to be there. If you want it then leave it)
*NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Adobe Reader Speed Launcher>>>exactly what it says it is. Supposedly speeds the opening of the Adobe Reader. Actually only speeds it by a few seconds. Program works perfectly fine without this.
HP Software Update>>>HP software updates. If a shortcut doesn't exist, create your own and run it manually
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards
DW6>>>The Weather Channel's desktop weather program.
Google Update>>>This startup is used by Google products such as Picasa and Chrome, among others, to check for new updates.
HP Digital Imaging Monitor>>>can be launched manually

0

KHALMNPR.EXE appears in the list of progams that are loaded at startup from the Registry. I can see it at the top of this page in your first message. This program is normally associated with Logitech mouse and hardware products, and allows various control and changes to these hardware devices. I can't see the whole registry entry at the top of the page, but it is there. Did you delete the program by hand, thinking that would uninstall it? The mouse software is still active then, waiting for you to reconnect the mouse. It will be listed as a Logitech program in the remove program list.
Registry Mechanic and many other Registry cleaning tools are fine, and may be useful to you. However, I'm confident that the first step should be to look through the 'Remove Programs' control panel and take the steps I suggested above.
BHO stands for Browser Helper Object. It is an add-on for Internet Explorer. You can disable it by starting MSIE and clicking Tools/Add-Ons. Then look through the list of add-ons for the AVG toolbar. Disable that.
Also, you wrote above "I have a few other programs that I've tried to remove in Add/Remove Programs that say it can't find the file." That is a clear sign that the program was simply deleted from the Program Files, not uninstalled. This is the kind of thing you should never do, but Registry Mechanic may be able to fix it.
Also, according to the Hijack This log above, you are running it from a folder on the D: driver called "Program Files2". Please let us know if you have two different copies of WindowsXP installed on the same machine.

0

By the way I should add that Dandi122 and JHolland1964 have both made very good suggestions with great step by step directions, and I would strongly recommend them.

0

So I've been able to do as suggested and I noticed an immediate improvement in the speed, but within a few hours it seemed to slow down again. Not as bad a before but still not as good as earlier.

Overall thank you for the help. Any other suggestions?

Now for your unneeded auto starting programs; All of these programs auto start when the computer starts and then generally run all the time in the back ground. None of them are needed for the smooth running of the computer. Some are totally unnecessary and some are considered "Users Choice", that is, if you want them to run all the time go ahead but they are not needed. The User Choice ones I will mark with a * so you decide. The others absolutely are not required.
To easily disable these auto starts you can use one of these programs, Mike Lin's StartUp Control Panel which, after download and install can be found in the Control Panel with a little computer icon labeled Start Ups or CodeStuff Starter. The CodeStuff program you can save anywhere you can easily find it. CodeStuff is a bit more of an "in depth" program than Mike Lin's as you can also turn off Services and also has a detailed Process manager, somewhat like the Task Manager. It just is more detailed. You can install either or both of these programs. I have them both so either are fine. Both are FREE. Mike Lin's just enables you to stop auto starting programs.
Either way, once downloaded then open which ever program you have chosen. When Mike Lin's opens you will see six tabs. Go through each tab and remove the check mark from the program you want to Stop from auto start. Once you have done that close the program and reboot.
On CodeStuff you click the Start Ups tab and go through the various listings there, removing check marks from any you want to disable at start up. Once complete then Exit the program With either program once you have done all that then reboot the computer.
Here is the list along with a description of each program:
*ATIPTA>>>>Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
*LSBWatcher>>>HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting.
eabconfg.cpl>>>Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Cpqset>>>Default settings software in Hewlett Packard notebook
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
**ICF-Safe Eyes>>>Internet Content Filter. Tool that allow parents to choose appropriate content for their children. (this one is truly up to you. You would have had to install it for it to be there. If you want it then leave it)
*NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Adobe Reader Speed Launcher>>>exactly what it says it is. Supposedly speeds the opening of the Adobe Reader. Actually only speeds it by a few seconds. Program works perfectly fine without this.
HP Software Update>>>HP software updates. If a shortcut doesn't exist, create your own and run it manually
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards
DW6>>>The Weather Channel's desktop weather program.
Google Update>>>This startup is used by Google products such as Picasa and Chrome, among others, to check for new updates.
HP Digital Imaging Monitor>>>can be launched manually

0

KHALMNPR.EXE appears in the list of progams that are loaded at startup from the Registry. I can see it at the top of this page in your first message. This program is normally associated with Logitech mouse and hardware products, and allows various control and changes to these hardware devices. I can't see the whole registry entry at the top of the page, but it is there. Did you delete the program by hand, thinking that would uninstall it? The mouse software is still active then, waiting for you to reconnect the mouse. It will be listed as a Logitech program in the remove program list.

BHO stands for Browser Helper Object. It is an add-on for Internet Explorer. You can disable it by starting MSIE and clicking Tools/Add-Ons. Then look through the list of add-ons for the AVG toolbar. Disable that.
Also, you wrote above "I have a few other programs that I've tried to remove in Add/Remove Programs that say it can't find the file." That is a clear sign that the program was simply deleted from the Program Files, not uninstalled. This is the kind of thing you should never do, but Registry Mechanic may be able to fix it.
Also, according to the Hijack This log above, you are running it from a folder on the D: driver called "Program Files2". Please let us know if you have two different copies of WindowsXP installed on the same machine.

I was able to clear up the Logitech issue and so far the cursor is behaving.

Since I have a dual hard drive system and my C drive is getting pretty full, I've started saving programs to the D drive. I only have one copy of WindowsXP installed on my computer.

0

So I've been able to do as suggested and I noticed an immediate improvement in the speed, but within a few hours it seemed to slow down again. Not as bad a before but still not as good as earlier.

Overall thank you for the help. Any other suggestions?

Since it slows again after a few hours then what you have to look at is what is running? How much RAM is installed? You said your "C" drive is getting full...how full?

One thing that will slow the computer is that AVG anti-virus program, it is just loaded with "stuff". I would recommend you choose another anti-virus program. Avira and Avast are both FREE, excellent and don't come with as much extra running files.
I, myself, prefer Avira and have used it several years but the choice is yours.
Do a new scan and post the log.

Edited by jholland1964: n/a

0

Hello,

Most probably your system will be having registry problems.You

should Try out with a registry cleaner. It will cleaned up all temp

and unusual file and increase your computer speed. <SNIP>

I'm getting conflicting opinions about Registry Cleaners. Can they damage my files?
Are there any free ones available?

0

Since it slows again after a few hours then what you have to look at is what is running? How much RAM is installed? You said your "C" drive is getting full...how full?

One thing that will slow the computer is that AVG anti-virus program, it is just loaded with "stuff". I would recommend you choose another anti-virus program. Avira and Avast are both FREE, excellent and don't come with as much extra running files.
I, myself, prefer Avira and have used it several years but the choice is yours.
Do a new scan and post the log.

My "C" drive is 95% full. I think I have 1 gig of RAM. Does that sound right? Where do I look to be sure?

I did get rid of AVG as you suggested and downloaded Avast.

I'll post a new scan shortly.

FYI, still having the cursor issue occasionally. If I'm running Outlook, a browser with 2+ windows open, and Powerpoint, then Powerpoint creeps along. It didn't used to.

0

I'm getting conflicting opinions about Registry Cleaners. Can they damage my files?
Are there any free ones available?

Absolutely leave the Registry Cleaners alone. Learned this years ago from a fellow I learned much of what I know today and have followed his opinion on this which is the following:

. Were registry cleaning *really* able to improve performance, the developers of these utilities would support their marketing claims with some form of empirical evidence (performance prior to cleaning -vs- performance post cleaning). But have you ever seen such benchmarking? No, and that's because registry cleaning does *not* improve perforance. Think about it ... programs such as SpywareBlaster dump 1000's of entries into the registry without causing any performance hit. Similarly, the fact that registries tend to hold significantly more information than in years gone by (bigger hard disks = more programs installed/data stored = more registry entries) has not resulted in systems slowing to a crawl.

Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix. The best way to deal with (possibly) registry-related issues is is to throughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).

Now having your "C" 95% full will absolutely slow the computer, I am surprised it is actually running! You need to go through there and get some of that off of there. What all is it? Go through and decide what is needed and what is not. Burn pictures and music to disks and get it off entirely. Remove programs you never use. Clean Temp files and the like.
To find out how much RAM is on there Right Click My Computer and choose Properties. The first page that opens will give you that information right below where you see Computer:
1GB is an ok amount but more would be better. But key right now is cleaning out that "C" drive.

0

Now having your "C" 95% full will absolutely slow the computer, I am surprised it is actually running! You need to go through there and get some of that off of there. What all is it? Go through and decide what is needed and what is not. Burn pictures and music to disks and get it off entirely. Remove programs you never use. Clean Temp files and the like.
To find out how much RAM is on there Right Click My Computer and choose Properties. The first page that opens will give you that information right below where you see Computer:
1GB is an ok amount but more would be better. But key right now is cleaning out that "C" drive.

It is 1GB of RAM. I've tried to go through get rid of programs I don't use as well as clean temp files and such. I've also been trying to utilize my "D" drive. Each drive is 95GB. I have a lot of music on my iTunes I think that is a big part of the problem. I tried moving the iTunes folder over to the "D" drive but it didn't recognize it when I did.

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:13 PM, on 10/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\Program Files 2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797693812
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7458 bytes

0

You know to see what IS using all that space, you might try this program DiskPie I have used it before when cleaning out computers. It tells you exactly what IS taking up all the space on there. Read that PC Computer article about it and if you decide to use it then you can download the zip file right there at the top of page one. It does give a good picture of exactly what is hogging and that physical space on the drive.

0

Two antivirus on the same computer (even if one is expired) do not play well together. (period!)

Go to:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

and download the removal tool - Get rid of norton. Till norton has a smaller footprint, easier to manage, and plays well with wireless better, it is good just not to use it.

THEN - uninstall AVG (I will have you reinstall it after that part of your computer is clean)

THEN:
Open your RUN command, type msconfig
click on the startup tab (PAY ATTENTION - ONLY the startup tab, do not 'clean' anywhere else) UNCHECK EVERYTHING - yes, that is what I said - UNCHECK EVERYTHING. If windows needs it to operate it will "re-check" itself on reboot. - then reboot.

THEN:
After these three things are done, REINSTALL AVG or Avast (I kinda like avast better, for several various reasons I will not go into now) - Avast is also free to use. (reboot if you installed Avast - AVG you don't have to)

THEN :
Download and install C-Cleaner - update it, then USE IT !!! Keep using it till 0 bytes removed comes up, and then use its registry cleaner - keep running it till NO PROBLEMS Found comes up (i dont' have a book to tell you why, just that it works)

THEN:
Update (very important ALWAYS UPDATE FIRST) - and run Malwarebytes, if it finds things and needs to reboot - do so, then UPDATE and run malwarebytes again (till it finds nothing).

THEN:
Post if you are still having latency problems.


Hollyecho Montgomery
Microsoft Certified
A+
20 years experience field tech

0

Hollyecho, This thread was begun 8 days ago and now you are covering a LOT of OLD ground here advising the very same steps which have all ready been fully completed:

AVG has all ready been removed and replaced by Avast as noted HJT log in post #14. All the Norton stuff you noted have all ready been taken care of as noted by the poster in post #15.

Unnecessary start ups were listed in post #17 and recommendations on how to stop these were noted AND also taken care of as demonstrated by the latest HJT log.

Malwarebytes' was all ready updated run over 1 week ago and came up clean in post #3. Finally poster DID post he is continuing to have problems in post #22 2 days ago. He also posted his hard drive is 95% FULL and he only has 1GB of RAM. I gave him my recommendations yesterday and he has yet to post back.

Edited by jholland1964: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.