# Computer very slow [moved from Security]



## Michaelluc (Apr 10, 2008)

Mine is too! system: 2.2ghz Intel Celeron, 256mb ddr sdram memory,60 gb hard drive, 64 mb ddr sdram Intel extreme graphics, running xp home don't know which sp. This has only been happening for a few weeks. I still have 50 gb left on HD. The system gets real loggy, restarts amazingly slow, sometimes kicks me off the interent, pops up a program not responding message way to often. I have been watching news and sports vidioes online lately could these have infected my system? Any ideas whats causing these things to occur?
I'm not very computer savy so please keep any responses simple - not to technical. Thanks for any and all help.


----------



## koala (Mar 27, 2005)

*Re: Computer bogging down and very slow!*

Hi Michaelluc, welcome to TSF

I'll move you to a new thread in the XP forum.

Your CPU and RAM are quite low for XP which could partly account for the sluggish feeling, but I suspect your computer is running even slower than usual.

You have enough free hard drive space. Do you defrag regularly?

Have you installed all the Microsoft Updates?

Go to Start > Control Panel > System > General tab to see if SP2 is installed.

What security software do you have installed? Firewall, anti-virus and anti-spyware? Are any of these programs set to run in the background scanning files in real-time?

Open Windows Explorer (My Computer), right-click your hard drive icon and select Properties. Remove the checkmark from the 'Allow Indexing Service to index this disk for fast file searching' box.

Go to Start > Control Panel > System > Advanced tab > Performance Settings button > Advanced tab > Virtual Memory Change button. Click the Custom Size button and change Initial and Maximum values to 2048. Click the Set button, then click OK to close these windows. Close down all programs and reboot. This will increase your virtual memory and change it from the default 'system managed' dynamic swap file to a static one.

Go to Start > Run > msconfig > Startup tab and post back with the list of program names in the Startup Item column. There might be some programs that can be disabled from running at startup to improve performance.


----------



## Michaelluc (Apr 10, 2008)

Thank you Koala,
Responding to your prompts top to bottom:
No, I haven't defraged. How do I do it?

I installed all the msupdates a few mins ago.

Yes, SP2 is installed on my system.

I have Norton. My inbound firewall protection was turned off. No clue how that happened. Anti-virus and anti-spyware were on. My Norton runs every Mon night. The only problem it finds is a low risk one../something about a tracking cookie which I always have then fix. How do I find out if these programs set to run in real time?

I was able to Remove the check mark from Allow indexing............

I was able to change Initial and Maximum values to 2048 but when I rebooted it still took a very LONG time to come up.

I couldn't find msconfig in Start>Run but I was able to type it in as a file and found System Config Util. where I found a startup tab. Was I in the right place? There are 37 checked programs. I don't want to waste your time. Should I send another post which includes them all? I will be happy to do that if it is going to help my system to boot up faster.

I have one other problem I didn't meantion in my first post: Whenever I bring my system up I get a warning msg that says LuCallbackProxy.exe
Unable to locate Component.
And This app. failed to start because NISRES.DLL was not found. Re-installing the app. may fix this prob. When I hit the OK button or the close X it just beeps at me and doesn't disappear. So I have been just moving it off my window. I don't know how to re-install the app. and couldn't find
either file on my hard drive. Any help would be appreciated but I can live with the problem if you are to busy.

Thanks, Michael


----------



## koala (Mar 27, 2005)

> No, I haven't defraged. How do I do it?


Defragmenting the hard drive every week or so keeps the files and folders in order, a bit like tidying a filing cabinet. Without regular defrags the files are spread randomly all over the hard drive, so moving them closer together (defragging) means faster access times and improved performance.

To defrag in Windows XP, disable your anti-virus temporarily, open Windows Explorer, right-click the hard drive and select Properties. Under the Tools tab, click the Defragment Now button. Click the Analyze button to see how badly fragmented the drive is, and click the Defragment button to begin. Depending on the size and condition of the drive, it could take an hour or more to complete. It will run quicker if you don't run any other programs while it's working.




> I was able to Remove the check mark from Allow indexing


Good. This feature is supposed to speed up searches, but all it really does is slow down the everyday running of Windows.




> I was able to change Initial and Maximum values to 2048 but when I rebooted it still took a very LONG time to come up.


Editing the msconfig startup list should help with this problem. Changing the virtual memory values to 2048 does not give a huge performance increase, but is an improvement on the default settings, and will be more noticeable when you're running a few programs at the same time.




> I have Norton...... How do I find out if these programs set to run in real time?


I've never used Norton, so I'll have to leave it for someone else to advise you on its settings or how to safely uninstall or reinstall it.




> Whenever I bring my system up I get a warning msg that says LuCallbackProxy.exe Unable to locate Component. And this app failed to start because NISRES.DLL was not found.


"_ucallbackproxy.exe is a process belonging to Norton/Symantec Internet Security which protects your computer against Internet-bound threats such as spyware and trojans which can be distributed through e-mail or attack directly to the computer allowing unauthorized access to your computer. This process in particular assist with software updates and is important for the stable and secure running of your computer and should not be terminated._"

Norton is known to be a resource hog, meaning it slows down the computer to an unacceptable level. Unless you have a paid subscription, I would advise replacing it with something better, especially with your system specs being so low for XP. We have a list of recommended security software (*http://www.techsupportforum.com/f174/pc-safety-and-security-what-do-i-need-115548.html*). Any of the free apps listed will be better than Norton and will improve Windows performance.




> I couldn't find msconfig in Start>Run but I was able to type it in as a file and found System Config Util


Sorry, I should have been clearer. You did the right thing by typing *msconfig* to bring up the System Config. Removing unncecessary programs from the list of 37 will certainly improve the startup time, and may also improve general performance. Post back with the full list, and indicate if any are not enabled (ie. no checkmark in the box).


Another thing you can do to improve performance is to disable Windows effects (things like menu fades). Go to Start > Run > Control Panel > System > Advanced tab > Performance Settings button. Under the Visual Effects tab, select 'Adjust for best performance'. Or select 'Custom' and choose which effects to remove.

Adding more RAM will give the highest performance boost. 512mb minimum, preferably 1gb.


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,
I just did a very long post and can't find it @#$%&^*!

I learned how to defrag last nite and did it, yea. But I didn't temp. turn off anti-virus. In fact I looked all over Norton this am and couldn't find where I could disable it?

My Norton Sub. runs out in May so I will replace it with a diff. sec. sys.

I did change the perform. setting to adjust for best Perfor.

Here are the startup programs and they are all enabled:
Block tracker, hpsysdrv, hkcmd, hpgs2wnd, hpqcmon, KBD, autobar, RECGUARD, RUNDLL32, nwiz, ps2, ConMgr, ONETOU-2, real play, mwsoemon,igfxtray, hpztsbos, qttask, ALCXMNTR, ccApp, sqtray, SbOEAddOn, osCheck, rundll32, msmsgs, aim, PPWebCap, mwsoemon, ctfmon, hp center UI, hp center, MyWebSearch Ema..., Personal Coach, Quicken Scheduled..., BJ Status Monitor S..., Eyetider Launcher, MyWeb Search Ema...

Whats the ...must sign on as Admin to make these changes...? I didn't do it and still made the changes.

Got an error msg after rebooting...nwiz.exe has encountered a problem and must shut down. Also said it was a prob. with the NVIDA Graphics Drv. If prob. cont's you can un-install it. Went to the NVIDA website...no help in the FAQ's. I only have one game on my sys. but I will be watching dvd's. Can I get rid of it?

In ...Temp. Internet Files... should I delete all the cookies? and how about the other files..not cookies?

In ...Disk Cleanup...I was deleting downloaded program files and I accidently deleated the folders they resided in. I couldn't find them in the trash basket?
Do I need to recover them? How? Sys doesn't act diff.


----------



## Glaswegian (Sep 16, 2005)

Sorry to butt in here, but I noticed MyWebSearch in your list - this monitors all your internet activity and reports the details back to its authors. It can also be a resource hog. Please uninstall it - a useful guide can be found here = = > http://www.safer-networking.com/removeMyWebSearch.php


I'll now leave you back in koala's safe hands.:wave:


----------



## koala (Mar 27, 2005)

Thanks Glas! Stick around.... there are a couple of processes that might be spyware, if you can take a quick look.



> Whats the ...must sign on as Admin to make these changes...? I didn't do it and still made the changes.


As long as you have admin rights in your account, you don't need to sign on as 'Admin'.



> nwiz.exe has encountered a problem.......


If you only use a single monitor, disable NView.



> In ...Temp. Internet Files... should I delete all the cookies? and how about the other files..not cookies?


That's up to you. There might be some cookies that you want to keep. If not, then you can safely delete them. It won't affect Windows performance either way.



> In ...Disk Cleanup...I was deleting downloaded program files and I accidently deleated the folders they resided in. I couldn't find them in the trash basket? Do I need to recover them? How? Sys doesn't act diff.


If you've deleted any program files with Disk Cleanup, then they have been uninstalled. You will have to reinstall these programs if you want to use them again.



Wow, that's quite a list you've got there :grin: Plenty of processes that can be safely removed, and some of them are known to slow down Windows, so it's looking hopeful.

* = not required at startup
+ = optional
I would recommend disabling the optional ones, unless you need the features they provide. If you notice any problems related to any of the disabled processes, re-enable them and reboot.


* *BlockTracker*: If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
* *hpsysdrv*: Utility from HP which monitors how many recoveries have been made in Microsoft Office suite.
+ *hkcmd*: This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support.
* *hpgs2wnd*: the executable corresponding to Hewlett-Packard's Share-to-web software (for HP scanners). This application allows a user to share photos to a secure Internet site
+ *kbd*: Multimedia keyboard manager. Required if you use the multimedia keys
+ *autobar*: Connect buttons on the keyboard for internet direct access, etc. on HP computers
+ *recguard*: process from HP that prevents a user from deleting or corrupting the WinXP Recovery Partition on Hewlett Packard computers.
+ *ConMgr*: an ISP installation file. Sometimes used by ISPs to setup your Internet Connection, e.g. Earthlink. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.
+ *onetou~2*: for Visioneer OneTouch scanners. System tray access to the control panel for the scanner
* *mwsoemon*: Search toolbar application by MyWebSearch.
*? hpztsbos: I couldn't find anything on this. Probably something to do with the printer/scanner. Leave it enabled for now.*
* *qttask*: installs a tray bar icon which links to the Apple QuickTime video streaming tool.
* *sgtray*: utility from Veritas Software Corporation which installs itself on the system tray bar, and serves to remind you to backup your files.
*? sboeaddon: a process from SpamBlockerUtility.com Inc. belonging to SpamBlockerUtility. I'll leave this one for Glaswegian to advise you on. (HJT O4 Entry?)*
+ *osCheck*: Related to Norton products.
+ *msmsgs*: Microsoft Windows Messenger. If you don't use Messenger you can disable it without changing the msconfig startup list. Windows Messenger > Tools > Options > Preferences. Uncheck "Run this program when Windows Starts".
* *aim*: AOL Instant Messenger
+ *PPWebCap*: installs a system tray bar icon, providing easy access to the Visioneer ScanSoft software.
* *mwsoemon*: search toolbar application by MyWebSearch.
* *ctfmon.exe*: process belonging to Microsoft Office Suite. It activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. Runs in the background, even after you quit all Office programs. Monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.
+ *hp center UI*: User Interface for HP Center
*? Personal Coach: Not sure abot this one. What does it say for Command and Location in the startup list?*
* *Quicken Scheduled*: Application Launcher, Microsoft Office Application, Quicken Scheduled Updates
* *BJ Status Monitor*: Loads with Canon printer. It is a task bar icon that lets you know the status of your printer, ie. if it is on or not etc.
*? Eyetider Launcher: Possible spyware. I'll leave this one to Glaswegian.*


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,

I ran into trouble when I disabled those programs highlighted in red. When I rebooted I got a Sys. Config. Util. msg that said (i'm paraphrasing) that I used S C U to change how Windows starts up. S C U is currently in diagnostic or selective startup mode causing this msg to display and the Util. to run every time Win. starts. Choose Norm. startup mode on the Gen. Tab to start Win. normally and undo changes you made.

I could no longer get to S C U thru start>run>msconfig. So I followed the instrut's above and every one of the startup programs were enabled again.!!! 

How can I reinstall those Downloaded Program files I deleted? Where are they? - on an earlier post.

Thanks, Michael

Personal Coach cmd: C:\proga-\eyeti...
The eyetide launcher is just a screen saver I loaded on the sys. several years ago. 

Where can I find NVIEW so I can disable it?

I'm too chicken to uninstall MyWebSearch. I read the warning that said you had better be an expert before you attemp this. You could destroy your computer! Can't afford to get a new computer so........


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

You don't really need those instructions - just boot to Safe Mode and uninstall anything called *MyWebSearch* or *MyWay* - usually all the programme folders and Registry entries will automatically go as well. I usually check Program Files just in case an odd folder gets left behind. While you're in Safe Mode, also uninstall *SpamBlockerUtility* - it's a potential nuisance made by the guys who made Hotbar - continual pop up ads and sucking up system resources. And *Eyetide* - another one that monitors everything you do. All these programmes are just pests that use up system resources and monitor your browsing - there are plenty of alternatives that don't do these things.

If you have any problems uninstalling then post back and we can help you through.


----------



## koala (Mar 27, 2005)

When the System Config message appears at startup to tell you you're running in Selective Mode, tick the box at the bottom that says 'do not remind me' and the message won't appear again until the next time you change the msconfig startup list.

To reinstall the uninstalled programs, insert the program CDs and install the usual way. If you don't have the CDs and can't download the programs, you've lost them. Be very careful using things like Disk Cleanup, registry cleaners and other programs that are supposed to improve performance. You need to be absolutely sure what files are going to be deleted before hitting the OK button.

To disable nView, right-click the nvidia icon in the system tray and go to nView Desktop Manager > nView Properties and click the Disable button.


----------



## TheShadowFl (Feb 12, 2008)

This thread is getting kind of long and admittedly, I've not read every word, but two things jumped out at me.

Norton is the very first thing I remove from all my new customers' PCs.
It's known world wide to be a huge resource hog and only a mediocre anti virus program. And they actually charge you for it. :upset:
I just de-install it and replace it with the FREE AV program, "AVG 7.5 FREE". The computer will run better and be much safer.
AVG can be downloaded here:
***************************
ANTI-VIRUS PROTECTION:

World famous AVG FREE will keep your computer free of viruses, 
trojans, dialers, etc.
By default, it updates and scans for viruses on a daily basis.
AVG 7.5 FREE, can be downloaded from:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

Scroll down the page to "FREE Downloads" and then click on:
AVG Anti-Virus Free Edition 7.5
That takes you to the next page where you can select:
avg75free_519a1276.exe (or the currently posted version)
Save the file to your desktop and run the install from there.
*If you have an older version of AVG free already installed,
use the 'Repair Install' option when installing v. 7.5.
Immediately get updates. More than one may be required.
********************************

MyWebSearch IS well known SPYWARE....pure and simple.

Immediately download and update and run "Spybot Search & Destroy" to remove that and many other brands of SPYWARE.

From my website:
**************************
Spybot Search & Destroy: 
(a great anti Spyware program.)
Can be downloaded from:
http://www.safer-networking.org/en/index.html

**************************
I install this program for every one of my customers and it does a great job of cleaning spyware and even some trojans and rootkits, from their PC's. I also give them a printed sheet of instructions on how to update and run scans with this program. Drop me a PM if you require instructions on running and updating Spybot S&D.

Good Luck,
The Shadow


----------



## koala (Mar 27, 2005)

Thanks, Shadow. I've suggested replacing Norton (subscription runs out May 2008) and would recommend *Avira AntiVir* over AVG Free for better detection rates. I dropped AVG Free a few months ago after seeing its poor results in several benchmark tests.


----------



## Michaelluc (Apr 10, 2008)

hi Koala,
Sorry but I have more questions. I'm getting alittle overwhelmed by all the feedback.

How do I boot to "safe mode"? What is safe mode?

Is uninstall the same as Remove program.

Will spybot destroy SpamBlockerUtility and eyetide when I run it? Or do I have to Remove these programs manually?

I've downloaded Spybot s&d and Avira Antivir to my desktop. Do I manually run both these or just the Spybot?

Will I still need firewall protection? I think I saw one that came with this PC. Would it be any good?

I don't find a Nvidia icon on my sys. tray, thats the one on the bottom right?

Thanks Koala, Glaswegian, and The ShadowFl for all your help and patience.

Michael


----------



## CD27 (Apr 12, 2007)

Michael, WELCOME TO TSF!!!!!!



Michaelluc said:


> How do I boot to "safe mode"? What is safe mode?


Safe Mode is a "safety boot" for your computer. When you boot your computer, immediately start tapping the F8 key. Select "Safe Mode". What this does is boots your computer to the most basic and ONLY needed drivers. It disconnects the internet, basically it's the computer's best attempt to keep you free from what's hurting it.



Michaelluc said:


> Is uninstall the same as Remove program.


Yes, Remove Program is the same as uninstalling it. Be careful when you try to "remove' software. ALWAYS "uninstall" it, NEVER simply delete it. Some programs attach themselves to other important documents and files that your system needs to run, which can devastate your computer if you must delete it. Uninstall simply safely removes it from your computer.



Michaelluc said:


> Will spybot destroy SpamBlockerUtility and eyetide when I run it? Or do I have to Remove these programs manually?


No, spybot will not "destroy" anything. Spybot fixes errors in your registry. If a file is altered or does not function properly, it does a really good job at fixing it and putting it back to normal. Also, spybot catches registry changes made, and lets you know about it and gives you the option of whether or not you want to change it. This gives you, the user, the ability to catch viruses in the act trying to attack the computer, and you can successfully block their attempts.

I would suggest, for your benefit, that you do BOTH, remove the programs as wells as do a deep hard scan with spybot.



Michaelluc said:


> I've downloaded Spybot s&d and Avira Antivir to my desktop. Do I manually run both these or just the Spybot?


GREAT! Ok, run spybot AND Avira manually (they can also be set for system scans periodically), but run them separately, don't run them at the same time. Fantastic job my friend!



Michaelluc said:


> Will I still need firewall protection? I think I saw one that came with this PC. Would it be any good?


Yes, you will need a firewall protection of some type. The one that came with your pc sucks really bad, but I haven't done any research on it yet, so, Koala, if you could provide the both of us a link to a much better firewall it would be greatly appreciated 



Michaelluc said:


> I don't find a Nvidia icon on my sys. tray, thats the one on the bottom right?


It should still be there. disabling nview simply keeps your computer from trying to work with two different monitors. turning it off limits it to one monitor, which makes it more efficient for you, the user. But Nvidia should not have been completely disabled. You can view its properties by right-clicking the desktop, properties, settings, advanced, and the GeForce tab.

Hope this has been of some help to you.

God Bless and In Him,

Christian Dude :jackson:


----------



## koala (Mar 27, 2005)

Thanks, CD27.

For a free firewall that will be better than the built-in XP one, try *Comodo* or *Zone Alarm*. Both of these will monitor/block incoming AND outgoing traffic, while the XP firewall only monitors/blocks incoming traffic.

Note: Zone Alarm Free includes Zone Alarm Security Suite, which explains why the free version is larger then most of the other versions. You do not have to install it and it now has some minor nag screens, at least on first install. Just install the firewall part of the package.

Of these 2, I would recommend Comodo as the better firewall.


----------



## Michaelluc (Apr 10, 2008)

Hi Koala and cd27,
I did run my new antivirus and spybot separatly last night. Wow, spybot found a ton of problems and the anti virus only found one.

Q: How do you know when to accept change or deny change in Spybot? There were a few that wouldn't let me accept change because they were being used by other programs. And how to you know weather to fix a virus or quarantine it? I quarantined it.

I just downloaded comodo. But when I tried to install it it was in confict with Norton. I removed all that I could.But there is an 05 version that will not let me remove it??? Any suggestions? I did turn off the firewall that came with the PC. It is not in the program list under My Computer but it does show up as a file under the Control Panel. I would have to "delete" it though and cd27 said not to do that. Any suggestions?

My system is running faster and the Rebooting is much faster, yea. However, when I bring up comcast homepage there is a big news section that won't come up-just a big black space. But if I get out of it and then come back in it is complete!
Thanks in advance for any help. Michael


----------



## koala (Mar 27, 2005)

> Q: How do you know when to accept change or deny change in Spybot?


Check the details listed in the 'change' box. If you don't recognise the filename, you can google it for more details.

Removing Norton can be a delicate operation, and the method depends on which version you have. I'll leave it to someone with more experience than me to give further instructions for this.

Anti-spyware and anti-virus programs look for different kinds of infections, and spyware is more common than viruses, so it's not unusual to find a larger number of spyware detections. It would be best to let Glaswegian take over from here to scan your computer with more specialised tools for any other infections. If SpyBot is finding any, quarantine them for now, and Glas or one of the other security analysts will know what to do.

To disable the XP firewall, go to Control Panel > Security Center and click the On/Off button. Don't do this until you get Norton removed and Comodo properly installed. It's better to have the XP firewall than nothing at all.

Good news about the improved startup time. Remember, if you notice any problems related to the disabled processes, you can re-enable them.

No idea about the Comcast page, sorry. Their homepage uses Flash, so you will need to have this installed to view the top half of the page, and scripts need to be enabled for Flash to work properly.

I hope this isn't all getting too complicated. I bet you wish you'd never asked now :grin: Hang in there and we'll get you sorted.


----------



## CD27 (Apr 12, 2007)

Michael you're doing a fantastic job, not many people would be able to hang in there like that, alot of them would have quit by now. Good job and a pat on the back for you!

Christian Dude :jackson:


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

I want to have a deeper look at your system, so please follow these instructions carefully.


Download *Deckard's System Scanner (DSS)* to your *Desktop* . Note: You must be logged onto an account with administrator privileges.
*Close* all applications and windows.
*Double-click* on *dss.exe* to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > *extra.txt* and maximised > *main.txt*.
Copy *(Ctrl+A then Ctrl+C)* and paste *(Ctrl+V)* the contents of *main.txt* back in this thread *(do not attach it). *
Please *attach* *extra.txt* to your post.


To attach a file to a new post, simply

Click the[*Manage Attachments*] button under *Additional Options > Attach Files* on the post composition page, and
*copy and paste* the following into the "*Upload File from your Computer*" box: *C:\Deckard\System Scanner\extra.txt*​
 Click *Upload.*


If I feel that further investigation is needed I'll move this thread to the HJT Forum.


----------



## Michaelluc (Apr 10, 2008)

Hello CD27,
Thank you for the kind words. I am somewhat embarrassed that I know so little about how a system works. I really didn't care as long as the PC was working ok. As long as your team continues to be patient with me I will continue to ask Q's.

By the way, I really like your Dancing Christian Dude!

OK, now here I go again:

When I tried to Shut down my sys... I got an error message:
Access violation at 004B6BE9 in module "tea time.exe" Read address 00000010
And I also got a Program not responding message. I had to use the END NOW button to get the Sys.. to shut down?

And on another startup I got Access violation at 74E50CC2 ... address74E50CC2

I was able to get into Safe mode. Was that a DOS screen? I had 3 options Safe mode, Safe mode with Networking or Safe mode with Command prompt. I picked just Safe mode. If I had picked the latter option would that allowed me to do something with the first page which had something to do with Drivers. I didn't have time to see if any of these commands had anything to do MyWebSearch, MyWay, Eyetide (which I was SOMEHOW able to remove from my sys...) or SpamBlockerUtility. In an earlier Post Glas... had suggested I uninstall these in Safe Mode. I didn't see how I could do this.

While in Safe mode I logged into Windows. Did I go to far in? Does it matter that I logged in as Owner rather than Administrator? While in Windows I tried to use REMOVE PROGRAMS to get rid of that old Norton version that is conflicting with my being able intall Comodo firewall. It would not remove it. I also tried to remove NVIDIA and to both programs I got a message: All drivers components and their corresponding entries in the registry will be permanetly removed from your system. I backed off...not sure if that was something I should do.

I also got a message at one point that said; Windows is running in Safe mode...Restart in Normal mode. Thats what I did and got the following message: RUNDLL Error loading nview.dll... Invalid access to memory location.

On to a completely different subject. At some point (not in safe mode) I got a message: multi(0)disk(0)rdisk(0)partition(2)\windows\system32\ntoskml.exe Sorry, but I can't remember what I was doing at the time of this msg. popped up. What's it trying to tell me? sounds kind of serious.

Now that I have new anti-virus and anti-spyware programs can I disable the ones that came with this PC?

Thanks, Michael


----------



## Michaelluc (Apr 10, 2008)

Glaswegian,
I am not clear on some of your instructions. I believe as "OWNER" I have administrator privileges. Please correct me if I'm wrong. 

In the first set of instructions: #2 What do I have to do to get access to the dds.exe application to run it?

#4 .... in this thread... do you mean I should add the text in a "reply" to the last post on this thread?

#5 Is there prompts to respond to to ATTACH the extra.txt file to the reply post?

In the 2nd set of instructions: Is a "new post" different from a "reply post"?
How do you make a new post? I've only been replying to old posts so far.

#2 Am I to "copy and paste" the files that pop up when I open C:\Deckard\SystemScanner\extra.text? Where do I put in this command? Is this extra.txt the same file you are referring to in #5 above?


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

Apologies if some of my instructions were not clear. 

You will have Admin rights - no problem there.

You should download DSS to your desktop. It will appear as a green circle with a white cross. Just double click this to start DSS. Once it has finished, it will open one text file automatically. Copy and paste the contents of that file back in this thread.

If you type your posts using the Quick Reply box at the bottom of each thread, you need to click the 'Go Advanced' button. You will now see a larger box - look for 'Manage Attachments' underneath this new box, under the heading 'Additional Options'. Then follow my instructions - the word 'new' is perhaps slightly misleading.


----------



## Michaelluc (Apr 10, 2008)

Good news,
I finally stumbled onto a Norton Removal Tool. Was successful in the removing it (finally). And was able to install Komodo firewall successfully. It scanned my whole system and only found 3 programs of malware which are now gone.

I've gotted no more error msg's since yesterday and I have rebooted my sys... twice. Even the Comcast Home page is complete now. To be honest I'm a nervous about trying to make many more changes. What do you think Glaswegian? Do I really need to have any more scans now? When you have time let me know what you think.

Thanks to all the team members who have helped me. It's been quite an adventure for this non techie user. Iv'e been telling my friends about TSF. I hope thats a good thing! Don't want you all to be overworked.

Peace Now, bring our troops home now! Michael


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

That's good to hear.

However, being involved with security makes me a naturally suspicious type. I'd still like to see the logs from DSS - just as a precaution. I can then put your mind at rest.


----------



## Michaelluc (Apr 10, 2008)

Hi Glaswegian,
Well, I ran DSS. I had a lot of Comodo warnings that I was not sure how to repond to so I either accepted the programs or treat as a trusted application. Should I have disabled Comodo while I ran it? Here's the files you requested (I hope this works because I have never used copy/paste before).

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-17 13:05:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-04-17 20:05:57 UTC - RP1435 - Deckard's System Scanner Restore Point
25: 2008-04-17 14:03:03 UTC - RP1434 - System Checkpoint
24: 2008-04-16 05:33:29 UTC - RP1433 - System Checkpoint
23: 2008-04-15 04:53:35 UTC - RP1432 - System Checkpoint
22: 2008-04-14 04:08:36 UTC - RP1431 - AntiVir PersonalEdition Classic - 4/13/2008 21:08


-- First Restore Point -- 
1: 2008-03-27 17:47:26 UTC - RP1410 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 13:10:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm10232
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--
End of file - 6721 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-16 12:27:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2008-04-16 12:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-16 12:27:21 0 d-------- C:\Program Files\COMODO
2008-04-13 21:10:19 0 d-------- C:\Program Files\Avira
2008-04-13 21:10:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-13 20:22:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 13:14:43 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-04-16 12:18:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-14 18:25:47 0 d-------- C:\Program Files\AOD
2008-04-14 18:09:30 0 d-------- C:\Program Files\Common Files
2008-04-13 23:30:30 0 d-------- C:\Program Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/20/2004 02:51 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 12:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/06/2001 10:56 PM]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 10:42 PM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [10/01/2002 12:39 AM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 05:39 PM]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" []
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [03/01/2002 05:11 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/22/2003 11:29 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/20/2004 02:55 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [05/22/2002 12:28 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"SpamBlocker"="C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe" []
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [04/16/2008 12:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [10/15/2001 02:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe [10/28/2002 12:30:03 PM]
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [10/28/2002 12:30:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BJ Status Monitor S600.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BJ Status Monitor S600.lnk
backup=C:\WINDOWS\pss\BJ Status Monitor S600.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Eyetide Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Eyetide Launcher.lnk
backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker]
c:\hp\bin\BlockTracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IM]
C:\Program Files\earthlinkim\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r




-- Hosts -----------------------------------------------------------------------

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

8120 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-17 13:15:06 ------------


----------



## koala (Mar 27, 2005)

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).

Increasing your RAM to 512mb or 1gb will have a noticeable effect on Winodws performance. The log file is showing 83% RAM being used, so trying to run more than 1 or 2 programs at the same time forces Windows to use the hard drive to make up for the lack of RAM. This is called the swap file or virtual memory, and is MUCH slower than RAM.

OK, back to Glaswegian :smile:


----------



## Michaelluc (Apr 10, 2008)

Glaswegian,
I followed your Instructions as best as I could. I don't know if I was able to attach the extra.txt file as I did not receive any acknowlegement that there was an attachment on my post.

I couldn't find the C:\........................\extra.text to copy and paste it? So I just typed it in myself and hit Upload. Let me know if I need to try to attach it again. Michael


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

All nice and clean - just one small registry fix to clear a couple of stray entries.

Download the attached zip file to your desktop. Extract the file *fix.reg* to your desktop. Now double click on *fix.reg* and answer *yes* to any prompts and allow it to merge into the Registry.

I'm happy your system is clean.


----------



## Michaelluc (Apr 10, 2008)

Hello Glaswegian and the Team,

Downloaded fix.zip and ran it. Looks like adding Memory is the next thing I need to do. Is it costly....because I have that Italian disease...mafunzalo.

Is it easy to install? Does it come with install instructions? Or will I need to post on the Hardware forum?

Once installed what kinds of changes do I need to do for my system to operate correctly?

I have two icons on my desktop for both Spybot and Avir. Do I need them both? If not which ones can I get rid of?

Thank you all very much. Peace, Michael


----------



## Glaswegian (Sep 16, 2005)

Hi Michael

I've used Crucial's Memory Tool in the past to find out the exact make and model of memory I need. You don't have to buy from them of course, but at least you'll know what you need.

It is fairly easy to install - it just needs some care. That's not really my area (I mean I can do it myself, but don't ask me to provide instructions...) - one for koala, I think.

Your system should see and be able to use the memory as soon as you boot.

Not sure why you would have 2 icons - does either one have a (2) after the name? If yes, then that would indicate it is simply a copy and you can drop it in the Recycle Bin.

Hope that helps.


----------



## koala (Mar 27, 2005)

Post back with the results from the Crucial Memory Tool so we can recommend the correct type of RAM for your motherboard. The price will be about $40-50 for 1gb.

To install the RAM, switch off the computer and unplug it. Touch a bare metal part of the case to discharge any static electricity from your body, then pull back the retaining clip that's holding the RAM in position and the stick should pop out. Replace with the new RAM, lock the clip and you're done.

If you want to keep your existing RAM, and your motherboard has enough spare slots, then you don't need to remove the existing sticks.


----------



## Michaelluc (Apr 10, 2008)

I ran the CMT but there was a confusing window that appeared: On the left side it showed a slot filled with a 256 DDR PC2100 card in place and next to it there was an empty slot. However, on the right side of the same window there was a message in RED that stated: All memory slots are filled, some existing memory must be removed in order to upgrade. So which side is correct? 
Also there were install instructions for both DIMM and Simm memory cards but in their 4 upgrade options listed I saw nothing about either type. How can I tell which type I have in my system?


----------



## koala (Mar 27, 2005)

The easiest way to find out is to open the case and have a look. If there are no empty RAM slots, then you'll have to remove the sticks in order to upgrade.

I ran the Crucial tool on my PC and it recognised that I have 4 sticks installed with no spare slots, but didn't give any red warning, and couldn't tell that it was OCZ RAM. It got the rest of the details right though.

Run *PC Wizard* and click the Mainboard icon on the left. Post back with the details highlighted in the pic below.


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,
Here are the results PC Wizard 08 scan:

Mfg: HP
Mainboard: Intel NBGV - Northwood/Brookdale-G Validation Board
Chipset: Intel i845GL
Processor: Intel [email protected]
Physical Memory: 256 MB (1x256 DDR-SDRAM)
Video Card: Intel Corp. 82845G/GL/GV/GE/PE Integrated Graphics Device
Hard Disk: Maxtor (61 GB)
DVD Rom Drive: PHILIPS CDD5301
Network Card: Realtek Semiconductor RT8139 (A/B/C/810x/813x/C+) Fast Ethernet Adapter
OS: Microsoft Windows XP Home Edition 5.01.2600 Service Pack 2
DirectX: Version 9.0c

Sometime if/when you have a spare few minutes could you teach me how to capture information like you did in your post above. I tried Copy and paste with 0 success. Thanks, Michael


----------



## koala (Mar 27, 2005)

Any of these 1gb sticks will be suitable. These are at the lower end of the performance scale for RAM due to the limitations of your motherboard, but I've selected the best manufacturers and gone for the highest setting your motherboard can take, PC3200 DDR400 RAM.

*G.SKILL Value 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200) Desktop Memory* - $29
*OCZ 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200) Desktop Memory* - $30
*CORSAIR ValueSelect 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200) Desktop Memory* - $34
*Kingston ValueRAM 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200) Desktop Memory* - $36
*G.SKILL 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200) Desktop Memory* - $37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

To take a screenshot, press the PrintScreen button on your keyboard. This saves the screen to the clipboard. Open Paint, create a new image and hit Ctrl-V to paste the screen. Save it as a compressed jpg (try to keep the size below 100kb). Then go to an upload site like *ImageShack* or *Putfile*, submit your screenshot jpg. It will give you an URL (website address for the image). Copy this by highlighting the URL and hitting Ctrl-C. Click the 'Insert Image' button in the toolbar above your reply, then paste the URL into the box.


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,
Got the side panel off, I see an open slot (DIMM) but is tucked behind my HD. It looks like I'll need to unattach the ribbon cable from the diskette drive and the HD to get the new M card in. That shouldn't disrupt my system, right?

I went to the OCZ website: Is that 1GB memory 1 stick or two 512 MB cards. If it's only 1 card can I leave the other 256 MB card in place or is 1GB the max for my system?

Thanks, Michael


----------



## koala (Mar 27, 2005)

The ribbon cables can safely be removed while installing the RAM. Note which side the red line is on the cables so you can put them back the same way. The cable connectors only fit the drives one way, so you can't go wrong.

All my links are for 1 stick of 1gb RAM, which is the maximum per slot for your motherboard. You can leave your existing 256mb stick, but you might prefer to fit 2 matching sticks of 512mb or 2 sticks of 1gb.


----------



## Michaelluc (Apr 10, 2008)

Thanks Koala,
I'm gonna put in an order for 1GB. Don't want 2; my system might fly right off my desktop. Peace, Michael


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,
I just installed 1gb of memory to my system. It does run faster, yahoo!

I'm still having problems with my comcast.net homepage. It seems to be getting worse. You mentioned something about "flash" and "scripts need to be enabled". Can you direct me to someone who knows about this problem. I emailed comcast a few days ago. I haven't received anything back from them.
Thanks in advance, Michael


----------



## koala (Mar 27, 2005)

If you're happy with the results after cleaning your startup list, adding more RAM and checking for spyware, it would be best to mark this thread as solved and start a new thread in our Internet Explorer or Mozilla forums to deal with your comcast problem.


This first screenshot is what I see in Firefox with scripts blocked, even though I have the latest version of Flash installed. (click to see fullsize)




And this is what I see with scripts enabled. The Flash animations are working correctly, so there's nothing wrong with their website, it's more likely to do with your internet settings. Post a screenshot in your new thread so they can see what's happening.


----------



## Michaelluc (Apr 10, 2008)

Hi koala,
I don't know how to get to those windows you captured in your post above. And my print screen button has never worked on my system. Would it be possible to move post #39 and #40 to a new thread on either of the 2 forums listed in your thread? That would help explain where I am stuck. Thanks, Michael


----------



## koala (Mar 27, 2005)

Sorry, my mistake. The screenshots above are from the homepage for comcast.COM not the one you're having touble with which is comcast.NET (same company, different websites)

I've been to the correct site this time and the principle is the same. Your internet settings or firewall or browser are blocking javascripts. The black area you mentioned should actually be an animated section with pictures and links to articles on the site.

When I view websites using Firefox I have an addon called NoScript which blocks things like javascripts, adverts and Flash animations. This is because they can present a security risk and also slow down the loading of web pages. When I go to a website that I know can be trusted, I set NoScript to allow these potentially dangerous scripts.

Viewing comcast.net with scripts blocked removes the animated section and leaves a black space. Enabling scripts makes the site work as intended.

We might as well leave these last few posts here in this thread, because I'm pretty sure that's what your problem is. Check in Control Panel > Internet Options > Security tab > Custom Level button. Scroll down to near the bottom of the list and set 'Active Scripting' and 'Scripting of Java applets' to Prompt, then go back to comcast.net and let me know if the black space has been replaced with the animated section.


----------



## Michaelluc (Apr 10, 2008)

Hi Koala,
I think I solved the problem earlier this AM. I installed Adobe flash player 9.0 and so far that black window is working as designed. I'll let you know if this fix doesn't continue to work. thanks, Michael


----------

