Slow Computer Response:

[Daave]

My handle is Navyguy, I apparently posted it in the wrong forum and
didn't do it right as it was moved by a moderator.

I assume this is yours:

http://www.bleepingcomputer.com/forums/topic125517.html

If so, it looks like you still have malware:

O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no
file)

See:

http://www.castlecops.com/tk30341-Protection_Bar.html

You should post again to HijackThis Logs and Malware Removal forum:

http://www.bleepingcomputer.com/forums/forum22.html

Tell them you suspect:

"ProtectionBar, rogue 'security software', related to the notorious
PS_Guard/SpywareQuake/WinAntivirus foistware and detected as a variant
of the FakeAle aka Zlob or Puper trojan."

Please confirm if that is your post. If so, there are other things I
noticed that you should fix. But it would actually be best to follow the
advice of the experts from that particular forum.

I suppose my biggest memory hog is my ImageX program(Dell Imagining)
which you and Gerry asked about but it's a program I use quite allot
and I like it very much.

I didn't see it in that log. Have you temporarily disabled it?

However I have been moving the bulk of my jpg
and other files to disk; while I understand this isn't going to make
my computer run faster it should help speed up my scans since those
files are no longer there.

I'm not sure that would speed anything up at all (unless there is some
sort of cache issue with that program).

How do I image my hard drive?

With an imaging program such as Acronis True Image.

I'll give it a try if you tell me how to image my hard drive. (It kind
of sounds like cloning my drive to a external backup) I do have System
Restore but I assume what your talking about is a true imagin of my
operating system.

It's similar to cloning. This should help:

http://groups.google.com/group/microsoft.public.windowsxp.general/msg/b69de2dfca9b7779

Although it's always a good idea to periodically image your disk, it's
quite possible you'll never need to restore that image. Think of it as
insurance. And chances are System Restore will work, so just make sure
you have restore points.

 

[Robert]

I assume this is yours:

http://www.bleepingcomputer.com/forums/topic125517.html

If so, it looks like you still have malware:

O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no
file)

See:

http://www.castlecops.com/tk30341-Protection_Bar.html

You should post again to HijackThis Logs and Malware Removal forum:

http://www.bleepingcomputer.com/forums/forum22.html

Tell them you suspect:

"ProtectionBar, rogue 'security software', related to the notorious
PS_Guard/SpywareQuake/WinAntivirus foistware and detected as a variant
of the FakeAle aka Zlob or Puper trojan."

Please confirm if that is your post. If so, there are other things I
noticed that you should fix. But it would actually be best to follow the
advice of the experts from that particular forum.

Yes, that is my post. To be honest, I found posting on bleeping
computer to be a bit confusing and as you see I did it wrong the first
time around. I had no idea it would get this involved since I thought
the anti-virus/malware/firewall programs I have should catch these.

I didn't see it in that log. Have you temporarily disabled it?

No, I haven't disabled it but perhaps I'm speaking of apples and
oranges on my part.

I'm not sure that would speed anything up at all (unless there is some
sort of cache issue with that program).

I guess I don't understand how computers work very well. I thought
since it had to scan say for example 60 jpg folders and now there is
only 1 I thought it would decrease the amount of scan time?

With an imaging program such as Acronis True Image.


It's similar to cloning. This should help:

http://groups.google.com/group/microsoft.public.windowsxp.general/msg...

Although it's always a good idea to periodically image your disk, it's
quite possible you'll never need to restore that image. Think of it as
insurance. And chances are System Restore will work, so just make sure
you have restore points.

I will check over once again what you've given me and give it all a
try. I also ordered (2) 256MB sticks from StarMicro today and just
hope they arrive and all goes well(fingers crossed). As I said, I
called them to make sure they had them in stock so that shouldn't be
an issue.




Robert

 

[Robert]

Yes, that is my post. To be honest, I found posting on bleeping
computer to be a bit confusing and as you see I did it wrong the first
time around. I had no idea it would get this involved since I thought
the anti-virus/malware/firewall programs I have should catch these.





No, I haven't disabled it but perhaps I'm speaking of apples and
oranges on my part.





I guess I don't understand how computers work very well. I thought
since it had to scan say for example 60 jpg folders and now there is
only 1 I thought it would decrease the amount of scan time?










I will check over once again what you've given me and give it all a
try. I also ordered (2) 256MB sticks from StarMicro today and just
hope they arrive and all goes well(fingers crossed). As I said, I
called them to make sure they had them in stock so that shouldn't be
an issue.

Robert- Hide quoted text -

- Show quoted text -- Hide quoted text -

- Show quoted text -

I posted my Hikack log once again to BleepingComputer with your
suggestions and just hope I did it right this time and get some
replies.

I ran Spybot, A-squared, Avast, and AVG and all came up with nothing.


Robert

 

[Robert]

Please confirm if that is your post. If so, there are other things I
noticed that you should fix. But it would actually be best to follow the
advice of the experts from that particular forum.

What other things did you notice that I should fix?


Robert

 

[Robert]

With an imaging program such as Acronis True Image.


It's similar to cloning. This should help:

http://groups.google.com/group/microsoft.public.windowsxp.general/msg...

Although it's always a good idea to periodically image your disk, it's
quite possible you'll never need to restore that image. Think of it as
insurance. And chances are System Restore will work, so just make sure
you have restore points.

It seems before I attempt to do a Clean Boot I need to purchase
Acronis so that I can image my hard drive, correct? If so, I have to
wait till my next check,...

Robert

 

[Daave]

What other things did you notice that I should fix?

First, I noticed you have an Adobe (Acrobat?) ActiveX Control:
AcroIEHelper.ocx, which is an unnecessary waste of memory. It's possible
to configure Adobe Reader to run less obtrusively:

http://weblogs.mozillazine.org/asa/archives/007183.html

But, you may be happier just uninstalling Adobe Reader completely and
going with the much leaner Foxit PDF reader:

http://www.foxitsoftware.com/pdf/rd_intro.php

Also, I would stay away from all toolbars; there seem to be *three* on
your system (Yahoo, MSN Search, and Google)! I'd uninstall them all.

If you don't use MSN Messenger, you should uninstall it.

There are tons of entries for Logitech Desktop Messenger. If you don't
use it, uninstall it.

There are entries for AVG, Avast, and Kaspersky. Are you using them all?
Are you sure there are no conflicts? I also noticed an entry for
Symantec; what is that to?

 

[Daave]

It seems before I attempt to do a Clean Boot I need to purchase
Acronis so that I can image my hard drive, correct? If so, I have to
wait till my next check,...

Not necessarily. I would just make sure you back up your data (which you
should do regularly, anyway) and have a valid restore point in System
Restore (ditto).

If you want a free imaging program, you can try DriveImage XML:

http://www.runtime.org/dixml.htm

But Acronis does seem to be the overwhelming favorite! YMMV.

 

[Daave]

No, I haven't disabled it but perhaps I'm speaking of apples and
oranges on my part.

I'm not so sure ImageX ("Image Expert," I believe) is a memory hog, but
I do recall a mention of it in one of your error reports. I know nothing
of this program. I suggest if you want to continue using it and if you
experience further issues with it, post these concerns in a Dell forum.

I guess I don't understand how computers work very well. I thought
since it had to scan say for example 60 jpg folders and now there is
only 1 I thought it would decrease the amount of scan time?

Again, I don't know how that program works. And I'm not sure what you
mean by the term "scanning." To me, scanning is what antivirus apps.,
etc. do. Best to ask in a forum with people who run this program. But I
suppose you could easily measure whether or not there is a decreased
"amount of scan time" with a stopwatch.

 

[Robert]

First, I noticed you have an Adobe (Acrobat?) ActiveX Control:
AcroIEHelper.ocx, which is an unnecessary waste of memory. It's possible
to configure Adobe Reader to run less obtrusively:

http://weblogs.mozillazine.org/asa/archives/007183.html

But, you may be happier just uninstalling Adobe Reader completely and
going with the much leaner Foxit PDF reader:

http://www.foxitsoftware.com/pdf/rd_intro.php

I removed Adobe, as I never use it. The only reason I had it was that
it came with the software (internal manual) when I upgraded my CD
player to DVD/RW player.

Also, I would stay away from all toolbars; there seem to be *three* on
your system (Yahoo, MSN Search, and Google)! I'd uninstall them all.

Regarding toolbars, I show that my menu bar and status bar are checked
and that my toolbars are locked. What I see is my taskbar at the
bottom, and then at the top I believe is the menu bar with file edit
view etc, then below that is status bar with my favorites, home,
print, etc. I don't see a google toolbar although when I started to
remove it, it said that I use it frequently, so I backed out of it and
I do go onto Google allot. I did delete the Yahoo toolbar however.

If you don't use MSN Messenger, you should uninstall it.

I don't use MSN per se very much but I like the icon that lets me know
when there is mail and my computer and Hotmail 'seem' to run better
with it than without it. I know that doesn't make sense.

There are tons of entries for Logitech Desktop Messenger. If you don't
use it, uninstall it.

Logitech is for my wireless mouse.

There are entries for AVG, Avast, and Kaspersky. Are you using them all?
Are you sure there are no conflicts? I also noticed an entry for
Symantec; what is that to?

After I removed Norton(Symantec) Anti-virus and firewall off my system
I asked about some good replacement programs and ended up with Spybot,
AVG, A-Squared and Comodo, and thought I was well protected. I added
Avast and Kapersky at your suggestion when we were searching for
possible problems. Yes, I am using them all but run them separately
and certainly not on a daily basis otherwise it's all I would be
doing. No, I'm not sure there are no conflicts. Should I just delete
Avast and Kapersky?

I'm suprised that I still have Symantec on my system as I thought I
had thoroughly removed it.



Robert

 

[Robert]

Not necessarily. I would just make sure you back up your data (which you
should do regularly, anyway) and have a valid restore point in System
Restore (ditto).

If you want a free imaging program, you can try DriveImage XML:

http://www.runtime.org/dixml.htm

But Acronis does seem to be the overwhelming favorite! YMMV.

I think before running a Clean Boot the malware issue needs to be
resolved first. As yet I haven't heard anything from BleepingComputer.


Robert

 

[Robert]

I'm not so sure ImageX ("Image Expert," I believe) is a memory hog, but
I do recall a mention of it in one of your error reports. I know nothing
of this program. I suggest if you want to continue using it and if you
experience further issues with it, post these concerns in a Dell forum.

I guess I'm not understanding. I realize ImageX is a memory hog after
all it is a Dell Imaging System but I'm not having problems with it.
It's a place where I store all my images in multiple folders and I'm
able to crop, and manipulate the images with color and special effects
and do all sorts of things.

Again, I don't know how that program works. And I'm not sure what you
mean by the term "scanning." To me, scanning is what antivirus apps.,
etc. do. Best to ask in a forum with people who run this program. But I
suppose you could easily measure whether or not there is a decreased
"amount of scan time" with a stopwatch.

What I mean by the term scanning is exactly what you thought,.. AVG,
Spybot, etc. Do noit all of these programs scan each file looking for
virus's and malware and if there are less files to look at doesn't
that make the scan go faster?

As far as forums,.... my malware problem has been viewed 15 times on
BleepingComputer and not one response!

Robert

 

[Robert]

There are entries for AVG, Avast, and Kaspersky. Are you using them all?
Are you sure there are no conflicts? I also noticed an entry for
Symantec; what is that to?

I would like to remove all Symantec products from my computer once and
for all, suggestions?

Also, if I don't need AVG, Avast, and Kapersky then what would you
recommend I keep?


Robert

 

[Robert]

I would like to remove all Symantec products from my computer once and
for all, suggestions?

Also, if I don't need AVG, Avast, and Kapersky then what would you
recommend I keep?

Robert

I did a search for 'Symantec' in all files and folders on the C: drive
and seems like it's finally, hopefully off my computer.


Robert

 

[Gerry]

Robert

None of the issues Daave has raised relate to malware save for
O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no
file)

This clearly represents a problem:
http://search.live.com/results.aspx?q=a2595f37-48d0-46a1-9b51-478591a97764&scope=&first=11&FORM=PORE

Unfortunately when one Trojan gains entry it can hold the door open and
invite friends in.

Al the other points I think relate to whether you have extra software
which may best off a system with limited "resources", which given you
only have 256 mb RAM is how I would classify your computer. The extra
RAM will make a lot of difference.

You do not have to be so defensive over Adobe. It is pushed at new users
from every direction. It is useful to those who like to edit pdf files
but most users like just to read and print. Foxit has a much smaller
footprint than Adobe and anyone wanting speedier performance will
appreciate this, whether they have limited or abundant "resources. The
switch to Foxit is driven by users exchanging experiences and not by
marketting, where Adobe has all the cards.

Removing all traces of Symantec has for many years been a problem. The
most experienced users can have difficulties. You just have to remove
what you find taking care not to damage the Registry when doing so. If
in doubt leave it alone as it is unlikely to have a noticeable impact on
performance. If you remove orphaned start ups using Autoruns you can
forget about any other traces.

Messenger can be problematic to remove. Although frequently unused it's
removal can have unwanted side effects. Just stop it from loading on
start up.

You will not get a speedy response from Bleeping Computer. You may have
to wait a few days, perhaps a week, before they offer initial advice.
Bleeping Computer will probably volunteer some advice when the present
infestation is removed on how to improve your security arrangements .
FWIW I also see their administration as a little over the top.

I am not sure what anti-spyware programme you are relying on for real
time protection. Some programmes only provide for ad hoc scanning. If
you do not have real time protection this may explain your infestation.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Daave]

Regarding toolbars, I show that my menu bar and status bar are checked
and that my toolbars are locked. What I see is my taskbar at the
bottom, and then at the top I believe is the menu bar with file edit
view etc, then below that is status bar with my favorites, home,
print, etc. I don't see a google toolbar although when I started to
remove it, it said that I use it frequently, so I backed out of it and
I do go onto Google allot. I did delete the Yahoo toolbar however.

When you say your "toolbars are locked," what do you mean? It sounds
like you're talking about your IE toolbar. I'm talking about add-on
software which could possibly slow you down. Personally, I don't think
it's necessary to use any such add-on toolbars. My home page is Google.
If you prefer another home page, Google is easy enough to bookmark. Just
a suggestion.... Also, you didn't mention your MSN Search toolbar. If
you want an add-on browser toolbar, one should be enough.

I don't use MSN per se very much but I like the icon that lets me know
when there is mail and my computer and Hotmail 'seem' to run better
with it than without it. I know that doesn't make sense.

Since you use MSN Messenger (albeit not that often), don't uninstall it
then. But you can configure it so it doesn't always run at startup,
eating up resources. And whenever you *do* need it, you can still run
it.

Logitech is for my wireless mouse.

Yes, but do you need to run the Logitech Desktop Messenger? See:

http://www.windowsstartup.com/wso/detail.php?id=1482

"Automatically checks for software upgrades AND new products, services
and special offerings from Logitech"

This isn't necessary. I would disable it; your mouse will still work
fine.

After I removed Norton(Symantec) Anti-virus and firewall off my system
I asked about some good replacement programs and ended up with Spybot,
AVG, A-Squared and Comodo, and thought I was well protected. I added
Avast and Kapersky at your suggestion when we were searching for
possible problems. Yes, I am using them all but run them separately
and certainly not on a daily basis otherwise it's all I would be
doing. No, I'm not sure there are no conflicts. Should I just delete
Avast and Kapersky?

Is Kaspersky just a trial? If not, that means you paid for it, and since
it's one of the highest-rated AV apps, keep it! (BTW, I don't recall
recommending Kaspersky in this thread. Their online scan, yes, but not
the application.)

No need to uninstall any apps necessarily. Just make sure you're not
running them at the same time (and this includes real-time scanning).
You need to get into the preferences and configure settings there.
Another way is Autoruns, but I would only use that if you can't do it
any other way.

I'm suprised that I still have Symantec on my system as I thought I
had thoroughly removed it.

Symantec is notorious for this behavior. Have a look at:

http://basconotw.mvps.org/SymRem.htm

 

[Robert]

Robert

None of the issues Daave has raised relate to malware save for
O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no
file)

This clearly represents a problem:http://search.live.com/results.aspx?q=a2595f37-48d0-46a1-9b51-478591a...

Unfortunately when one Trojan gains entry it can hold the door open and
invite friends in.

Al the other points I think relate to whether you have extra software
which may best off a system with limited "resources", which given you
only have 256 mb RAM is how I would classify your computer. The extra
RAM will make a lot of difference.

You do not have to be so defensive over Adobe. It is pushed at new users
from every direction. It is useful to those who like to edit pdf files
but most users like just to read and print. Foxit has a much smaller
footprint than Adobe and anyone wanting speedier performance will
appreciate this, whether they have limited or abundant "resources. The
switch to Foxit is driven by users exchanging experiences and not by
marketting, where Adobe has all the cards.

Removing all traces of Symantec has for many years been a problem. The
most experienced users can have difficulties. You just have to remove
what you find taking care not to damage the Registry when doing so. If
in doubt leave it alone as it is unlikely to have a noticeable impact on
performance. If you remove orphaned start ups using Autoruns you can
forget about any other traces.

I did check this on Autoruns but still I would like to remove any
traces of Symantec from my computer as from my own experience it
causes nothing but problems. I did a search for 'Symantec' under files
and folders under C: and then deleted them one by one and then emptied
the Recycle bin. Oddly, today I had two emails stating that my
Symantec firewall was automatically renewed! I checked the Add/Remove
program and thankfully it wasn't there and junked the emails. Odd

Messenger can be problematic to remove. Although frequently unused it's
removal can have unwanted side effects. Just stop it from loading on
start up.

You will not get a speedy response from Bleeping Computer. You may have
to wait a few days, perhaps a week, before they offer initial advice.
Bleeping Computer will probably volunteer some advice when the present
infestation is removed on how to improve your security arrangements .
FWIW I also see their administration as a little over the top.

I am not sure what anti-spyware programme you are relying on for real
time protection. Some programmes only provide for ad hoc scanning. If
you do not have real time protection this may explain your infestation.

I thought all the anti-virus programs were real time. As I said I now
have AVG, Avast, Kapersky along with Spybot, A-Squared, and Comodo.

After I 'removed' Symantec I asked for suggestions for a replacement
and thought I was well protected. If you have any recommendations for
a real time Anti-virus or to change what I have I would appreciate
it.

Robert

 

[Robert]

When you say your "toolbars are locked," what do you mean?

I right clicked on the IE toolbar and gave you what it showed. I guess
I downloaded these other toolbars at some point but don't see them on
my screen.

I've uninstalled Google and Yahoo toolbars and went into Autoruns and
unchecked MSNMessenger so it won't start-up.


I've uninstalled the Desktop Messenger

Is Kaspersky just a trial? If not, that means you paid for it, and since
it's one of the highest-rated AV apps, keep it! (BTW, I don't recall
recommending Kaspersky in this thread. Their online scan, yes, but not
the application.)

I apoligize, your quite correct regarding Kapersky, its their online
trial version. I think from what your saying I need to have one good
real-time application running in real time that won't conflict with
the other applications. I think Avast is also a online trail version.
I choose AVG because it was free and came highly recommended.

I would prefer to have only (1) anti-virus running as it's time
consuming even with what I originally had. So I will try and configure
AVG to run in real time although I'm not sure if it will conflict with
Avast and Kapersky?

No need to uninstall any apps necessarily. Just make sure you're not
running them at the same time (and this includes real-time scanning).
You need to get into the preferences and configure settings there.
Another way is Autoruns, but I would only use that if you can't do it
any other way.

Symantec is notorious for this behavior. Have a look at:

http://basconotw.mvps.org/SymRem.htm

As I noted in my reply to Gerry, I think I finally have removed all of
Symantec products(I hope), and checked autoruns and it isn't there.
However, what is strange is that I recieved (2) emails stating that my
Symantec firewall is automatically renewed. I junk filed both messages
and checked to see if indeed I have any Symantec products in the Add/
Remove program.


I suppose at this point its a matter of waiting for the (2) sticks of
256 RAM which I hope arrive, and resolving the malware issue.

Any other suggestions or recommendations?


Robert

 

[Gerry]

Robert

Anti-virus and anti-virus programmes are not the same. I was asking
about anti-spyware programmes. You can find composites that cover both
aspects.

With regard to anti-spyware programmes you will find that some have free
versions not providing real time protection with corresponding paid
versions providing real time protection. You need to know exactly what
you have installed.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Robert]

Robert

Anti-virus and anti-virus programmes are not the same. I was asking
about anti-spyware programmes. You can find composites that cover both
aspects.

With regard to anti-spyware programmes you will find that some have free
versions not providing real time protection with corresponding paid
versions providing real time protection. You need to know exactly what
you have installed.

--

Hope  this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

You have to bear with me, as I'm not as computer literate as you and
Daave. For example I thought these were the same: Anti-virus and anti-
virus programmes.

This is what I think I have; a free version of AVG, Spybot, A-Squared
and Comodo anda free trial version of Avast and Kapersky. If I'm not
getting this or other things right please explain them to me so that
were talking on the same page.

Understand that I'm on a rather limited fixed income and this is why I
went with these free versions but if you and Daave could recommend a
good virus protection program such as Kapersky that would protect my
system better then I suppose I can pay for it although if I can get
around having to pay for it I would rather do that.


Robert

 

[Robert]

Robert

Anti-virus and anti-virus programmes are not the same. I was asking
about anti-spyware programmes. You can find composites that cover both
aspects.

With regard to anti-spyware programmes you will find that some have free
versions not providing real time protection with corresponding paid
versions providing real time protection. You need to know exactly what
you have installed.

--

Hope  this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

I went into the settings of Avast, Kapersky and AVG and didn't see
anything to make them run in real time. Perhaps its because they are
free and free trial versions?

I understand what you mean that some programs offer protection from
virus's and spyware, hackers etc such as upgrading my AVG or buying
Kapersky.

Although you mention that I wouldn't hear from Bleeping computer for
awhile it's been viewed 21 times with no responses. Perhaps they are
just analyzing the problem?

I think after I get the (2) sticks installed and the malware problem
resolved I'll do a Clean Boot as Daave suggested just to make sure
everything is ok. What do you think?


Robert