Slowed to a c-r-a-w-l - WHY?? HJT attached

[Patti Flynn Hei]

I ran the ATF program.
I have pasted my HJT file below.

Within the past week my computer has slowed considerably. I am VERY worried about it!

Could someone please look at my HJT and let me know if there's something (ANYTHING?) that can be done?

Thank you in advance.

Patti



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:59 PM, on 01/16/2008
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS(2).EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.half.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bresnan OnLine
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O24 - Desktop Component 0: (no name) - http://pics.ebayimg.com/aw/pics/home...go_171x102.gif

--
End of file - 2831 bytes

[Jintan]

Hello Patti Flynn Hei,

No outright infection showing here, though that might depend on if this active desktop setting (web based desktop wallpaper) is one that you chose there:

http://pics.ebayimg.com/aw/pics/home...go_171x102.gif


Post back on that, and let's take a different look as well. Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your protective software queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here.

[Patti Flynn Hei]

I didn't understand how to look for the Active Desktop, so I put in the Windows default. I hope that was OK and won't mess up results.
The Silent Runners information I have pasted below was run AFTER the desktop was changed.

Thanks so much for your attention in this.
Patti


"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"myplay DropBox" = "C:\Program Files\myplay\myplay Client\MPTray2.exe" [file not found]
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe /background" [file not found]
"eZulaMain" = "C:\PROGRA~1\ezula\eZulaMain.exe" [file not found]
"Internet Washer Pro" = "C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min" [file not found]
"ClockSync" = "C:\PROGRA~1\CLOCKS~1\Sync.exe /q" [file not found]
"HXDL.EXE" = "C:\Program Files\Alset\HelpExpress\sapwcbtp\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" " [file not found]
"OfotoNow USB Detection" = "C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConn ection OfotoNow" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [file not found]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"LVComs" = "C:\WINDOWS\SYSTEM\LVComS.exe" ["Logitech Inc."]
"wcmdmgr" = "C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch" [file not found]
"Cydoor" = "CD_Load.exe" ["Cydoor Technologies L.T.D."]
"Eac_Download" = "C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k" [file not found]
"WinampAgent" = ""C:\PROGRAM FILES\WINAMP\WINAMPa.exe"" [null data]
"InstantAccess" = "C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h" [null data]
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE" ["8"]
"PE2CKFNT SE" = "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [file not found]
"AtiPTA" = "Atiptaxx.exe" ["ATI Technologies, Inc."]
"Norton CrashGuard Monitor" = ""C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"" [file not found]
"Excite Platform" = "C:\PROGRA~1\EXCITE\PLATFORM\ExLaunch.exe" ["Excite@Home"]
"ATTRedUpate" = "C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe" [file not found]
"Norton Auto-Protect" = "C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET" [file not found]
"Norton eMail Protect" = "C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe" [file not found]
"Adaptec DirectCD" = "C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE" ["Adaptec"]
"POINTER" = "point32.exe" [MS]
"ausvc" = "C:\WINDOWS\ausvc.exe" [file not found]
"SysScan" = "C:\WINDOWS\bvt.exe" [file not found]
"absr" = "C:\WINDOWS\mwsvm.exe " [file not found]
"XupiterStartup" = "C:\Program Files\Xupiter\XupiterStartup2003.exe" [file not found]
"XupiterCfgLoader" = "C:\Program Files\Xupiter\XTCfgLoader.exe" [file not found]
"WhenUSave" = "C:\PROGRA~1\SAVE\Save.exe" [file not found]
"OrbitUpdate" = "C:\Program Files\Orbit\update.exe" [file not found]
"OrbitView" = "C:\Program Files\Orbit\view.exe" [file not found]
"SCUpdate" = ""C:\PROGRAM FILES\BRESNAN\MIGCFG\PROGRAMS\AutoUpdate.exe"" ["0"]
"stcloader" = "C:\WINDOWS\SYSTEM\stcloader.exe" [file not found]
"ClrSchLoader" = "\Program Files\ClearSearch\Loader.exe" [file not found]
"slmss" = "C:\Program Files\Common Files\slmss\slmss.exe" [file not found]
"UpdateStats" = "C:\Program Files\Media\Media\UpdateStats.exe" [file not found]
"Mwsvm" = "C:\WINDOWS\mwsvm.exe" [file not found]
"msbb" = "C:\MSBB.EXE" [file not found]
"AEHXHOR" = "C:\WINDOWS\AEHXHOR.exe" [file not found]
"2DPPN3P5ADNS4B" = "C:\WINDOWS\SYSTEM\Zgl8.exe" [file not found]
"{2CF0B992-5EEB-4143-99C0-5297EF71F444}" = "rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain" [MS]
"couponsandoffers" = "wjview /cp "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"" [MS]
"RunWindowsUpdate" = "C:\WINDOWS\UPTODATE.EXE" [file not found]
"IEDriver" = "C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe" [file not found]
"Bargains" = "C:\Program Files\Bargain Buddy\bin\bargains.exe" [file not found]
"KeenValue" = "C:\Program Files\Common files\KeenValue\KeenValue.exe" [file not found]
"ShowIcon_KODAK_KODAK Multi-Card Reader v1.13e21" = ""C:\Program Files\KODAK\Multi-Card Reader\shwicon.exe" -t"KODAK\KODAK Multi-Card Reader v1.13e21"" [file not found]
"DXM6Patch_981116" = "C:\WINDOWS\p_981116.exe /Q:A" [MS]
"BRILYC" = "C:\WINDOWS\BRILYC.exe" [file not found]
"RFX_auto_upgrade" = (empty string) [file not found]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"mdac_runonce" = "C:\WINDOWS\SYSTEM\runonce.exe" [MS]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"ClipGenie Installer" = ""C:\Program Files\DownloadWare\dw.exe" /H" [file not found]
"KodakCCS" = "C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"" [file not found]
"AVG7_CC" = "C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE" ["GRISOFT, s.r.o."]
"AVG7_AMSVR" = "C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE" ["8"]
"CSINJECT.EXE" = "C:\Program Files\Norton CleanSweep\CSINJECT.EXE" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_Calc_Inis\(Default) = "Windows Setup - Calculator"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis_remove 64 C:\WINDOWS\INF\applets.inf" [MS]
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis_remove 64 C:\WINDOWS\INF\applets1.inf" [MS]
PerUser_RNA_Inis\(Default) = "Windows Setup - Dial-Up Networking"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_RNA_remove 64 C:\WINDOWS\INF\rna.inf" [MS]
PerUser_Dialer_Inis\(Default) = "Windows Setup - Phone Dialer"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis_remove 64 C:\WINDOWS\INF\appletpp.inf" [MS]
OlsAolPerUser\(Default) = "Windows Setup - America Online"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
OlsCompuservePerUser\(Default) = "Windows Setup - CompuServe"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
OlsProdigyPerUser\(Default) = "Windows Setup - Prodigy Internet"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
PerUser_Onlinelnks_Inis\(Default) = "Windows Setup - HyperTerminal"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 C:\WINDOWS\INF\appletpp.inf" [MS]
PerUser_ClipBrd_Inis\(Default) = "Windows Setup - Clipboard Viewer"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis_remove 64 C:\WINDOWS\INF\clip.inf" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec Directcd Shell Extension"
-> {HKLM...CLSID} = "Adaptec Directcd Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\CD-Writer Plus\DirectCD\shellex.dll" ["Adaptec"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
ccZipWizDll\(Default) = "{FFEAB400-3031-11D5-B653-0050BAD1A371}"
-> {HKLM...CLSID} = "CoffeeCup Free Zip Wizard Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COFFEE~1\FREEZIP\CCZIPDLL.DLL" ["CoffeeCup Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]


System Policies {policy setting}:
---------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}

"EditLevel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{Don't save settings at exit}

"NoFileMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by System Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Windows98.htm"


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"RealDownload" -> shortcut to: "C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE -hidden" [file not found]
"Reminder-hpc41001" -> shortcut to: "C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe" [null data]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"Image Transfer" -> shortcut to: "C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe" [null data]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [file not found]
"KODAK Software Updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
usbmon\Driver = "usbmon.dll" [MS]
hpzs9x14\Driver = "hpzs9x14.dll" ["HP"]
usbmon.dll\Driver = "usbmon.dll" [MS]


---------- (launch time: 2008-01-19 13:14:11)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 63 seconds, including 18 seconds for message boxes)

[Jintan]

Best you don't make changes based on things I comment on until we discuss them here first. Not exactly sure what the Silent Runners log is telling us right now. There are very many startups there where no startup file can be located on the system. Look through the Silent Runners log at all those "[file not found]" if you would, and tell me if those files actually exist there. You should know some of them, and can look through your file folders to verify others. Are we looking at just a long history of things deleted but never uninstalled correctly, or something else?