This is my work PC and when I came down to the office the other day and turned it on the date was rolled back to February 24, 2004. PC is running very, very slow. Looked around a little and found:
In the start/all programs list about a third of the programs installed were highlighted as recently installed.
Message stating "found new hardware - multimedia audio controller"
Opened Outlook Express - got message "The server you are connected to is using a security certificate that could not be verified. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Do you want to continue using this server?"
Ran Malwarebytes: found no problems.
Ran SuperAntispyware: found Trojan.Agent/Gen-FakeAlert[Avenger]
Came to this board and downloaded HijackThis. Here are all 3 logs. Logs are dated as February 2004, but were actually done over the past 3 days.
AS ADVISED...I HAVE NOT CHANGED ANYTHING TO MY PC.
Is my PC infected?
Sure hope you can help me out...many thanks! 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4883
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/27/2004 10:30:03 AM
mbam-log-2004-02-27 (10-30-03).txt
Scan type: Quick scan
Objects scanned: 136761
Time elapsed: 7 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
...........................................................................................
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/24/2004 at 09:45 AM
Application Version : 4.44.1000
Core Rules Database Version : 5696
Trace Rules Database Version: 3508
Scan type : Complete Scan
Total Scan Time : 00:42:31
Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 7376
Registry threats detected : 4
File items scanned : 22005
File threats detected : 50
Adware.ShopAtHomeSelect
HKU\S-1-5-21-1957994488-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Adware.CouponBar
HKU\S-1-5-21-1957994488-484763869-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
Adware.Tracking Cookie
a.ads2.msads.net [ C:\Documents and Settings\Jeanniekaye\Application Data\Macromedia\Flash Player\#SharedObjects\DCZ3CKCL ]
ads2.msads.net [ C:\Documents and Settings\Jeanniekaye\Application Data\Macromedia\Flash Player\#SharedObjects\DCZ3CKCL ]
b.ads2.msads.net [ C:\Documents and Settings\Jeanniekaye\Application Data\Macromedia\Flash Player\#SharedObjects\DCZ3CKCL ]
cdn4.specificclick.net [ C:\Documents and Settings\Jeanniekaye\Application Data\Macromedia\Flash Player\#SharedObjects\DCZ3CKCL ]
core.insightexpressai.com [ C:\Documents and Settings\Jeanniekaye\Application Data\Macromedia\Flash Player\#SharedObjects\DCZ3CKCL ]
Trojan.Agent/Gen-FakeAlert[Avenger]
C:\RECYCLER\S-1-5-21-1957994488-484763869-725345543-1003\DC111.EXE
Adware.SelectRebates[SAH]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{80B5AAB1-E98C-44AD-AEB6-79C677811B38}\RP467\A0071596.DLL
................................................................................................
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:19 AM, on 2/27/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [Smileycons] C:\Program Files\Smileycons\smileycons.exe
O4 - HKCU\..\Run: [Merriam-Webster 6] "C:\Program Files\Paragon Software\Merriam-Webster 6\run.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [WebEQ XP] "C:\Program Files\Blaze Audio\WebEQ Trial\WebEQ.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit in &Picnik - http://www.picnik.com/extensions/ie-import.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.healthgrades.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} (WSpell ActiveX Spelling Checker) - https://www.milneronline.com/wspellam.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.dorlands.com/images/hdr_bg.gif
O24 - Desktop Component 1: (no name) - http://www.dominicanhospital.org/stellent/groups/jsp/documents/webcontent/pageshadow.jpg
O24 - Desktop Component 2: (no name) - http://www.relyondrc.com/drctransite/Images/folder.GIF
O24 - Desktop Component 3: (no name) - http://www.usatechguide.org/core_images/banner.jpg
O24 - Desktop Component 4: (no name) - http://images.tomshardware.com/Design/graphics/tomshardware/header-background.gif
O24 - Desktop Component 5: (no name) - http://www.itsallaboutyouboutique.com//~stores/60518_medium.jpg
--
End of file - 9514 bytes