
Computer running slow.

Discussion in 'Malware and Virus Removal Archive' started by Radiance, 2007/12/31.

  1. 2007/12/31
    Radiance

    Radiance Inactive Thread Starter

    Joined:
    2007/07/10
    Messages:
    18
    Likes Received:
    0
    This past 1-2 days my computer has been running quite slowly. I defragged and used ccleaner to kill junk but it has been slow still.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:54:42 AM, on 12/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 4309 bytes
     
  2. 2007/12/31
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Radiance

    I'm not seeing anything bad in your log.

    Let's run another tool and see what it shows.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Thanks
    Geri
     


  4. 2008/01/01
    Radiance

    Radiance Inactive Thread Starter

    Joined:
    2007/07/10
    Messages:
    18
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Tony Ke on 2008-01-01 11:30:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    6: 2008-01-01 19:30:41 UTC - RP182 - Deckard's System Scanner Restore Point
    5: 2008-01-01 02:36:32 UTC - RP181 - Installed Steam
    4: 2008-01-01 02:33:35 UTC - RP180 - Removed Steam
    3: 2008-01-01 02:32:51 UTC - RP179 - Installed ATI Catalyst Registration
    2: 2008-01-01 02:18:13 UTC - RP178 - Installed ATI Catalyst Control Center


    -- First Restore Point --
    1: 2008-01-01 01:06:59 UTC - RP177 - System Checkpoint


    Performed disk cleanup.



    -- HijackThis (run as Tony Ke.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:57 AM, on 1/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tony Ke\My Documents\Downloads\dss(2).exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\TONYKE~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 4276 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071204-065216-387 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    backup-20071204-065216-440 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20071204-065216-607 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    backup-20071210-192502-315 O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S2 npkcrypt - c:\program files\maplestory\npkcrypt.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 npkcusb - c:\program files\maplestory\npkcusb.sys (file missing)
    S3 XDva014 - c:\windows\system32\xdva014.sys (file missing)
    S3 XDva015 - c:\windows\system32\xdva015.sys (file missing)
    S3 XDva042 - c:\windows\system32\xdva042.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: USB Human Interface Device
    Device ID: USB\VID_046D&PID_C517&MI_00\6&3A021F66&0&0000
    Manufacturer: (Standard system devices)
    Name: USB Human Interface Device
    PNP Device ID: USB\VID_046D&PID_C517&MI_00\6&3A021F66&0&0000
    Service: HidUsb


    -- Files created between 2007-12-01 and 2008-01-01 -----------------------------

    2007-12-31 18:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2007-12-31 18:36:35 0 d-------- C:\Program Files\Steam
    2007-12-31 17:59:03 0 dr-h----- C:\Documents and Settings\Tony Ke\Recent
    2007-12-24 15:57:02 0 d-------- C:\Documents and Settings\Tony Ke\.housecall6.6
    2007-12-09 17:15:18 0 d-------- C:\Documents and Settings\Tony Ke\Application Data\Secret of the Solstice
    2007-12-09 16:47:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Outspark
    2007-12-09 14:50:31 65536 --a------ C:\WINDOWS\IFinst27.exe


    -- Find3M Report ---------------------------------------------------------------

    2007-12-31 21:21:01 0 d-------- C:\Documents and Settings\Tony Ke\Application Data\AVG7
    2007-12-31 18:19:02 0 d-------- C:\Program Files\ATI Technologies
    2007-12-31 14:31:26 0 d-------- C:\Documents and Settings\Tony Ke\Application Data\VERITAS
    2007-12-30 08:29:01 0 d-------- C:\Documents and Settings\Tony Ke\Application Data\Azureus
    2007-12-24 15:35:14 0 d-------- C:\Documents and Settings\Tony Ke\Application Data\LimeWire
    2007-12-22 10:06:06 0 d-------- C:\Program Files\RagnarokBattleOffline
    2007-12-15 21:22:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-05 14:17:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2007-11-15 19:30:56 0 d-------- C:\Program Files\Ventrilo
    2007-11-15 19:30:43 0 d-------- C:\Program Files\Common Files
    2007-11-15 19:30:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-03 13:15:55 0 d-------- C:\Program Files\VERITAS Software
    2007-10-19 21:25:18 0 --a------ C:\WINDOWS\ativpsrm.bin


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 08:17 AM]
    "SoundMan "= "SOUNDMAN.EXE" [03/24/2005 05:20 AM C:\WINDOWS\SOUNDMAN.EXE]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/02/2001 08:25 AM]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
    "AIM "= "C:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-01-01 11:31:37 ------------
     
    Last edited: 2008/01/01
  5. 2008/01/01
    Radiance

    Radiance Inactive Thread Starter

    Joined:
    2007/07/10
    Messages:
    18
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
    Percentage of Memory in Use: 43%
    Physical Memory (total/avail): 1023.48 MiB / 575.33 MiB
    Pagefile Memory (total/avail): 2462.33 MiB / 2023.89 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1931.88 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 189.91 GiB total, 155.22 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Maxtor 6Y200P0 - 189.92 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 189.91 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\\Program Files\\MapleStory\\MapleStory.exe "= "C:\\Program Files\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory "
    "C:\\Program Files\\FreeStyle Street Basketball\\FreeStyle.exe "= "C:\\Program Files\\FreeStyle Street Basketball\\FreeStyle.exe:*:Enabled:FreeStyle "
    "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe "= "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\DriftCity\\DriftCity.exe "= "C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity "
    "C:\\Program Files\\mIRC\\mirc.exe "= "C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC "
    "C:\\Program Files\\Azureus\\Azureus.exe "= "C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus "
    "C:\\Program Files\\Steam\\steamapps\\alizairearap\\counter-strike source\\hl2.exe "= "C:\\Program Files\\Steam\\steamapps\\alizairearap\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\MapleStory\\Patcher.exe "= "C:\\Program Files\\MapleStory\\Patcher.exe:*:Enabled:patcher MFC ?? ???? "
    "C:\\Program Files\\MapleStory\\NewPatcher.exe "= "C:\\Program Files\\MapleStory\\NewPatcher.exe:*:Enabled:patcher MFC ?? ???? "
    "C:\\ijji\\ENGLISH\\u_skid.exe "= "C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader> "
    "C:\\Program Files\\Steam\\steamapps\\uptheironshero\\counter-strike source\\hl2.exe "= "C:\\Program Files\\Steam\\steamapps\\uptheironshero\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Tony Ke\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TONY-54KKPU1EKZ
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Tony Ke
    LOGONSERVER=\\TONY-54KKPU1EKZ
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\TONYKE~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\TONYKE~1\LOCALS~1\Temp
    USERDOMAIN=TONY-54KKPU1EKZ
    USERNAME=Tony Ke
    USERPROFILE=C:\Documents and Settings\Tony Ke
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Tony Ke (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x642e
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
    ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
    Azureus --> C:\Program Files\Azureus\Uninstall.exe
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
    Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
    EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
    Fraps (remove only) --> "C:\Program Files\Fraps\uninstall.exe "
    Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    hp deskjet 825c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 825c series
    hp deskjet 825c series (Remove only) --> C:\Program Files\hp deskjet 825c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=825c -huninstall
    ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
    ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
    ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
    iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
    Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
    LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe "
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    Ragnarok Battle Offline --> C:\Program Files\RagnarokBattleOffline\Uninstal.exe
    RBO Extra Scenario Vol.1 --> "C:\Program Files\RagnarokBattleOffline\ExScenario1\unins000.exe "
    RBO Extra Scenario Vol.2 --> "C:\Program Files\RagnarokBattleOffline\ExScenario2\unins000.exe "
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    VERITAS RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type6604 / Success
    Event Submitted/Written: 01/01/2008 11:04:20 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type6586 / Success
    Event Submitted/Written: 12/31/2007 06:46:47 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type6575 / Error
    Event Submitted/Written: 12/31/2007 06:32:13 PM
    Event ID/Source: 11316 / MsiInstaller
    Event Description:
    Product: Steam -- Error 1316. A network error occurred while attempting to read from the file: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\steam\SteamInstall.msi

    Event Record #/Type6538 / Success
    Event Submitted/Written: 12/31/2007 05:03:56 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type6524 / Success
    Event Submitted/Written: 12/31/2007 03:46:25 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type82027 / Warning
    Event Submitted/Written: 01/01/2008 11:20:53 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type82008 / Error
    Event Submitted/Written: 01/01/2008 11:02:44 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The npkcrypt service failed to start due to the following error:
    %%3

    Event Record #/Type82003 / Error
    Event Submitted/Written: 01/01/2008 00:37:53 AM
    Event ID/Source: 9 / atapi
    Event Description:
    The device, \Device\Ide\IdePort1, did not respond within the timeout period.

    Event Record #/Type82002 / Error
    Event Submitted/Written: 12/31/2007 11:57:16 PM
    Event ID/Source: 9 / atapi
    Event Description:
    The device, \Device\Ide\IdePort1, did not respond within the timeout period.

    Event Record #/Type82001 / Warning
    Event Submitted/Written: 12/31/2007 11:07:20 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



    -- End of Deckard's System Scanner: finished at 2008-01-01 11:31:37 ------------
     
  6. 2008/01/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Radiance

    Having any p2p file sharing apps such as Limewire, BitTorrent, uTorrent, etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.

    We need to have a file scanned.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • C:\WINDOWS\IFinst27.exe
    • Click on the submit button
    • Please post the results in your next reply.

    There have been a number of complaints on systems slowing down.
    You have AIM running at start up and this may or may not be the problem.
    I would stop it from running at start up, you can always start it manually.

    Please post the Jotti results.

    Thanks
    Geri
     
  7. 2008/01/01
    Radiance

    Radiance Inactive Thread Starter

    Joined:
    2007/07/10
    Messages:
    18
    Likes Received:
    0
    File: IFinst27.exe
    Status:
    INFECTED/MALWARE
    MD5: 9c17bca3ef837bacded7e4299508e71d
    Packers detected:
    UPX
    Bit9 reports: No threat detected (more info)
    Scanner results
    Scan taken on 01 Jan 2008 22:33:28 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Ikarus
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found Trojan-Downloader.Win32.Banload.tn
     
  8. 2008/01/01
    Geri Lifetime Subscription

    Hi Radiance
    OK, that file's OK.
    I'm not seeing any malware.

    Did you stop AIM from starting at start up?

    If so did your speed increase?

    You have plenty of RAM and disk space and you don't really have that much running at start up.

    Did you download any games or programs just before it slowed down?

    We can run an online scan to check for infections.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Geri
     
  9. 2008/01/02
    Radiance

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, January 02, 2008 1:28:35 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 2/01/2008
    Kaspersky Anti-Virus database records: 501678
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 40685
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:50:07

    Infected Object Name / Virus Name / Last Action
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

    Scan process completed.
     
  10. 2008/01/02
    Radiance

    Did you stop AIM from starting at start up?

    Yes

    If so did your speed increase?

    No

    You have plenty of RAM and disk space and you don't really have that much running at start up.

    Did you download any games or programs just before it slowed down?

    Nope.
     
  11. 2008/01/02
    Geri Lifetime Subscription

    Hi Radiance
    OK, Your system is clean,
    This is the only thing Kaspersky is showing, and it's not a virus, it's more "risk ware" because it can be exploited.
    That is if "you" downloaded it.

    C:\Program Files\mIRC\mirc.exe

    I don't see any reason for this slow down?

    These come up showing new in the last month...Files created between 2007-12-01 and 2008-01-01
    C:\Program Files\Steam
    C:\Documents and Settings\Tony Ke\Application Data\Secret of the Solstice
    C:\Documents and Settings\All Users\Application Data\Outspark
    C:\WINDOWS\IFinst27.exe << I'm guessing this file has something to do with one of these games.

    You could try to uninstall one game at a time and see if one could be the culprit.

    These also are not needed at start up.

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs

    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"

    C:\WINDOWS\system32\ctfmon.exe
    CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. CTFMON can be disabled from Control Panel, Text & Speech Services.

    Here is a web page you can go through by miekiemoes. She has some good information and tips that may help.
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

    Geri
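
The reading of the Kaspersky report in the reply above depends on separating the one real verdict from the rows for files the scanner merely could not open ("Object is locked"). The following is an added example, not part of the thread or of any Kaspersky tool: the row layout is inferred from the report posted here, and the sample lines and the `triage` function are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Kaspersky Online Scanner report
# posted in this thread (user name and row selection are made up).
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 40685
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Example User\ntuser.dat Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""

STAT = re.compile(r"^Number of (viruses found|infected objects|suspicious objects): (\d+)$")
# Paths contain spaces, so anchor on the fixed tokens at the end of each row.
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) "
                 r"(?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)) "
                 r"(?P<action>\w+)$")

def triage(report):
    """Split a report into real detections, unreadable files and unknown rows."""
    stats, detections, locked, unparsed = {}, [], [], []
    in_table = False
    for line in (raw.strip() for raw in report.splitlines()):
        stat = STAT.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
        elif line.startswith("Infected Object Name"):
            in_table = True
        elif not in_table or not line or line == "Scan process completed.":
            continue
        elif (row := ROW.match(line)) is None:
            unparsed.append(line)             # never drop a row silently
        elif row.group("locked"):
            locked.append(row.group("path"))  # scanner could not read the file
        else:
            verdict = row.group("verdict")
            detections.append({"path": row.group("path"), "verdict": verdict,
                               "action": row.group("action"),
                               # Kaspersky marks riskware/adware verdicts this way
                               "riskware": verdict.startswith("not-a-virus:")})
    # The summary counter should agree with the rows actually parsed.
    counts_match = stats.get("infected objects") == len(detections)
    return {"stats": stats, "detections": detections, "locked": locked,
            "unparsed": unparsed, "counts_match": counts_match}

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["detections"], len(result["locked"]), result["counts_match"])
```

Locked rows are files that were not scanned at all, so they count as coverage gaps rather than clean results.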
     
  12. 2008/01/02
    Geri Lifetime Subscription

    Hi
    Also.
    I strongly suggest you get rid of all your P2P file sharing apps.

    You're just asking for an infected system.

    Geri
     
  13. 2008/01/02
    Radiance

    Well, I uninstalled Secret + Outspark a long time ago and I can't find where to disable CLIstart.exe or CTFMON.exe
     
  14. 2008/01/02
    Geri Lifetime Subscription

    Hi
    Click Start > Run, type in msconfig, and click on the Startup tab.

    Uncheck the box for each, then OK and restart your computer.
    Not sure if CLIstart.exe will be there, I don't have ATI.

    OK the window that comes up after restart.

    Geri
     
  15. 2008/01/02
    Radiance

    Should I delete that exe just for the heck of it?
     
  16. 2008/01/03
    Geri Lifetime Subscription

    Hi
    It's not a system file, but it could be needed to run one of the games.

    I would rename it to IFinst27.old, then if your games seem to work OK, delete it.
    If not, you can always go back and rename it to .exe

    Geri
     
  17. 2008/01/03
    Radiance

    hmmm still the same.

    maybe the hard drive is starting to fail or die?
     
  18. 2008/01/03
    Geri Lifetime Subscription

    Hi Radiance
    My best suggestion now would be to post in the Windows XP forum.

    Try cleaning out the inside of your tower, Turn off, unhook all power running to it, open it up and use compressed air. Don't blow on the fans so they spin.
    Heat is not good, so maybe it needs a cleaning.

    Maybe someone there would have an idea. Make sure you let them know you've been here and your system is clean.

    Geri.
     
