Windows XP Almost Stopped......

[nivrip]

My daughter’s PC is extremely slow. It is 18 months old, Intel Celeron 2.8 GHz, 512 MB RAM. Uses XP.



AVG, Spybot and a-squared anti Trojan all seem very happy. I have created a log file using HijackThis and it follows. There seem to be LOTS of entries but I am not able to make any decisions about their suitability or otherwise.



Any advice would be appreciated.





Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:33:58, on 06/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\BOINC\boincmgr.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

C:\Program Files\BOINC\boinc.exe

C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.15_windows_intelx86

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\MSN Messenger\usnsvc.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...ag59RzpajRDOp8qUXr6pNzFk8x0acbzJDzVXOgV4UjIvu

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...z20AkaVCDIqCjJLEFeuNOnUPlfe330PFcTeTo2EscPYc=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/feedback/?Md5=021E25CFAE7607A411D06F2B504D2256

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: bw+0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {599173C7-A096-4FF6-A299-D5322166C561} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



--

End of file - 23882 bytes

 

[muckshifter]

Hello niv ...


There are 2 nasties that concern me ... I suggest you get HJT to fix the following;

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...zJDzVXOgV4UjIvu
Nastie, must be fixed

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...cTe To2EscPYc=
Nastie, must be fixed

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
Should be fixed, no application is mentioned

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unnecessary (deactivated) entry that can be fixed

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Should be fixed

The 018s are not a problem but if you do not want the Logitech Desktop Messenger to be running you can either disable it or uninstall it, it just periodically checks for updates to any of your Logitech software.

Two other things running against you are, a Celeron is a slow CPU & 512Mb is a little borderline, in my opinion.

I would also check how many programs are preloading, unnecessarily, and curtail them, or even uninstall the unneeded.

 

[nivrip]

Two other things running against you are, a Celeron is a slow CPU & 512Mb is a little borderline, in my opinion.

Thanks for your help Mucks. I'll get those items fixed asap

For what she wants the system, in general, works well but she has had a few alerts about the Virtual Memory. I took this to mean that increasing the RAM would be helpful. Is that what you mean by saying that it is borderline? Do you think that it would be a worthwhile exercise to increase?

 

[SlimJim]

When the system is running very slowly it could be worth checking task manager to find out which processes are using the most CPU time. I found that on startup and for a few minutes afterwards my PC was essentially unusable and this is mostly due to all the automatic update programs simultaneously "phoning home" together with Outlook checking for email. I have overcome this problem by using System Mechanic to delay startup items. There is a freeware program -Startup Delayer - which will do a similar job if you don't have System mechanic. For general improvement I think extra RAM would be very worthwhile.

 

[floppybootstomp]

Apart from the software probs Mucks has pointed out, here's another vote for an extra 512Mb of memory. In my opinion it would help a great deal.

Be sure to get, if possible, exactly the same type and make as the memory stick already fitted.

You can often find out this information simply by looking at the memory itself, it often has a sticker giving this information.

If not, Crucial's website can tell you which memory is compatible with your motherboard if you tell them the make and model number of the motherboard.

 

[nivrip]

Thanks for that info, Flops. The PC is a Dell (I know what most people think about Dell ) I haven't been inside it yet but I Googled the model and I believe that, to save money, Dell provided 2 memory slots BOTH of which are already filled.

If, therefore, I increase the memory it will mean discarding the original memory altogether. Does it then matter what make of new memory I get?

 

[muckshifter]

It's not easy to suggest what should & shouldn't load when Windows first boots up, every PC will be different for every individual.


I suggest also that some people still hang on to the old Win 9x fables that XP suffers from a resources problem, get with the times. Xp will need around 500MB just for itself, but actually does handle resources far better than any Win 9x ever did.

Using another program to handle these problems without addressing the problem is, in my opinion, just adding to the cause.

Every one of the 04s in your HJT log are programs preloading and running whether you need them or not ... look through each one, most will/can be told not to load at startup ... some may even be uninstalled as they are no longer used or there is an alternative that will load on demand.

An example: Adobe Acrobat Reader preloads to make it run faster, is sitting in your taskbar running, waiting to be used ... go get Foxit as a replacement, it runs ONLY when you double click on a .PDF file. Nobody needs Adobe's Reader.

In your case, looking at the 04s, I see ...
RealPlay.exe ... ouch!! this is a real pain in the ass
qttask.exe ... QuickTime, not needed to load at startup
easyshare.exe ... Kodak EasyShare, not needed to load at startup

... the list goes on, a lot of these 'programs' do NOT need to 'load' at all, especially all them messenger programs.

If your daughter cannot do without all these 'programs' then more Ram will ease the burden on your HD. I suggest more ram anyway.

 

[floppybootstomp]

If, therefore, I increase the memory it will mean discarding the original memory altogether. Does it then matter what make of new memory I get?

It doesn't matter what make of memory, no, but it does matter what type.

I'd suggest buying two 512Mb modules from Crucial, if Crucial can supply memory for Dell machines that is. If not you may have to purchase directly from Dell, which will probably work out more expensive.

For the old memory, once you've positively identified it you can advertise it on E-Bay, 2 x 256Mb sticks will usually sell there, still lots of old machines and enthusiasts about.

 

[nivrip]

I've managed to fix all the enties you suggested, Mucks, except one. The O18- Filter Hijack refuses to be "fixed" by HJT and remains on the list.

Any other way of removing it?

 

[muckshifter]

Ouch!


It's an Adware.CasinoClient, look for these files, if found, delete them ... casstub.exe cassetup.exe casclient.exe casmf.dll ... it's a browser keylogger.

To me, you had a CWS infection, and the O18 entry is a remnant of it that lost the CLSID and the file that was associated with it.

I do not believe that the O18 represents an immediate threat, but have no idea if those Registry entries will have any consequences.

You will have to go looking in your Registry, if you do not feel confident, 'cos messing with the Registry can lead to a non working system, then pop the PC in to post to me, err, well OK, but it needs someone who knows how to navigate the Registry to affect a proper fix.

This is what the author of HijackThis wrote about these entries:

O18 Section This section corresponds to extra protocols and protocol hijackers.

This method is used by changing the standard protocol drivers that your computer uses to ones that the Hijacker provides. This allows the Hijacker to take control of certain ways your computer sends and receives information.

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter

HijackThis first reads the Protocols section of the Registry for non-standard protocols. When it finds one it queries the CLSID listed there for the information as to its file path.

Example Listing O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll

Common offenders to this are CoolWebSearch, Related Links, and Lop.com. If you see any of these you can have HijackThis fix it.

It is important to note that fixing these entries does not seem to delete either the Registry entry or the file associated with it. You should have the user reboot into Safe Mode and manually delete the offending file.

Let me know if you wish to try and 'fix' the Registry.

 

[nivrip]

It's an Adware.CasinoClient, look for these files, if found, delete them ... casstub.exe cassetup.exe casclient.exe casmf.dll ... it's a browser keylogger.

Being a novice at these sort of things, where exactly would I look for these files? Do I simply run a Search?

 

[muckshifter]

Being a novice at these sort of things, where exactly would I look for these files? Do I simply run a Search?

Yep, Click on the Start menu, then on Find, and then on Files or Folders.

Type in ... cas*.exe ... it should find ALL files that have cas in them, so be careful which ones you do delete.

Place a check mark in the box labeled Find Subdirectories.

Click on Find Now.

May take some time.

 

[nivrip]

And another dumb question. Do I delete them directly from the Search List?

 

[muckshifter]

And another dumb question. Do I delete them directly from the Search List?

Yes.

 

[nivrip]

Type in ... cas*.exe ... it should find ALL files that have cas in them, so be careful which ones you do delete.

Place a check mark in the box labeled Find Subdirectories.

Click on Find Now.

May take some time.

This brought up only one file, namely CasPol, with a creation date of Feb 2003, which I don't think has anything to do with this problem.

Since Fixing the other entries with HJT the system is now running as it did originally i.e. very well.

Is there anything more I need to do to pursue these rogue files?

 

[GameMaster]

Well Adware running on your computer isn't nice
All you can do now, I guess is post a fresh HijackThis so muckshifter will look it up and say with proud: You are clean.
lol

 

[nivrip]

Oh! Another thing, Mucks, what is the significance of (no file) at the end of the O18 entry that we are trying to eliminate? Especially with finding none of the expected files containing cas*.exe on Search.

 

[muckshifter]

This brought up only one file, namely CasPol, with a creation date of Feb 2003, which I don't think has anything to do with this problem.

Correct, do not delete that file ... I only wanted you to search, just in case there were any remnants.

Since Fixing the other entries with HJT the system is now running as it did originally i.e. very well.

Good.

Is there anything more I need to do to pursue these rogue files?

Not that I can see. As I said, the only way to eliminate the CLSID is to mess with the Registry. I don't see any point in getting you in a dizzy over it.

Oh! Another thing, Mucks, what is the significance of (no file) at the end of the O18 entry that we are trying to eliminate?

HJT can fix these dead pointers from within your Registry for you, but as you have found out, sometimes it can't.

I'm satisfied your system is good to go.

 

[nivrip]

MUCKS
​

 

[michael555]

I think 512mb ram is fine for windows xp, but 1gb would help but is,nt needed for windows xp unless your playing games.


You do have alot of things install there and a few on start up.

But try what muckshifter said removing the spyware.

could try removing some things you do not need.