
XP freezes ... suspected pest


Name: MothBhai
Date: January 31, 2004 at 08:04:11 Pacific
OS: Win XP
CPU/Ram: P4 1.7/ 256MB
Comment:

For the past week, my PC has slowed down considerably. It's most noticeable when I try to switch to a different IE window right after clicking on a link in the current IE window. For several seconds the TaskBar remains frozen, without any mouseover action.

I run ZoneAlarm and Norton Antivirus (regularly updated). In recent weeks, the number of viruses intercepted by NAV has increased (goes into quarantine).

Suspecting spyware/adware, I reset the internet access rights of all unknown apps in ZoneAlarm, and downloaded/ran SpyBot & Adaware. They found tons of pests and removed them, but my problem is still not solved.

I have spent many hours on this issue today, and here are the observations that still make me believe that there are still some pests lurking on my computer:

1. PC startup and shutdown time is still very high.
2. Taskbar is still freezing up.
3. An app called TargetSoftSetup.exe is getting downloaded and tries to run and access the internet every time I start the PC (identified thanks to ZoneAlarm). I delete this file every time, but it comes right back the next time I start up the PC.
4. Despite cleaning fully with SpyBot/Adaware, every time I run them again (even without reboot), 2 offending registry keys keep reappearing.

Help Please.




Response Number 1
Name: Imp
Date: January 31, 2004 at 10:07:33 Pacific
Reply:

Hello MothBhai,
Maybe your computer is corrupted or partly damaged. You can try to repair it by following these two procedures:
1) For IE, try this "repair" option:
Go to the control panel when not connected to the net, open "add & remove programs", find the line "internet explorer and its tools", open it, 3 options are available, one is "repair", send the procedure, IE will scan and check for corrupted or damaged files, reboot at the end of the procedure.
2) For Windows, try to check your computer using the SFC procedure:
Go to start, then run, type "SFC", follow the instructions. You may be asked for the original Win XP CD-ROM you got when you bought your computer, so be ready to insert it into your CD drive.
Good luck


0

Response Number 2
Name: MothBhai
Date: January 31, 2004 at 10:56:42 Pacific
Reply:

Here is my HiJackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 12:04:01 AM, on 2/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Broadband Pacenet\Pacenet Dialer\PaceDial.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
G:\Download\Diagnostic\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weddingsutra.com/
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pacenet] C:\Program Files\Broadband Pacenet\Pacenet Dialer\PaceDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C05EB8E-8312-47D8-ADA4-24EADBA858E9}: NameServer = 202.54.1.18 203.115.71.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C151420-74B8-4454-8812-3A75DEA10661}: NameServer = 203.115.71.66


0
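A first-pass reading of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it lists O4 startup entries that have no matching running process and searches the log for a file name the user reports (here TargetSoftSetup.exe, named in the first post). The function names and the trimmed sample are constructed for this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above, trimmed for this example.
SAMPLE = r"""Running processes:
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                   # "O4 - ..." style lines
O4 = re.compile(r"^(.+?): (?:\[([^\]]*)\] ?|(.+?) = )(.+)$")     # Run key or startup folder
EXE = re.compile(r'([^\\"]+?\.exe)', re.I)                       # first path component ending in .exe

def parse_log(text):
    """Return (running process paths, {section code: [entry text]})."""
    procs, sections, in_procs = [], {}, False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
        elif in_procs and line:
            procs.append(line)
        in_procs = (in_procs or line == "Running processes:") and not m
    return procs, sections

def autostarts(sections):
    """Return (location, name, executable basename) for each O4 startup entry."""
    out = []
    for entry in sections.get("O4", []):
        m = O4.match(entry)
        if m:
            where, name, lnk, cmd = m.groups()
            exe = EXE.search(cmd)
            out.append((where, name or lnk, (exe.group(1) if exe else cmd).lower()))
    return out

def triage(text, reported_file):
    """Return (autostarts with no running process, log lines naming reported_file)."""
    procs, sections = parse_log(text)
    running = {ntpath.basename(p).lower() for p in procs}
    # Not a verdict: many startup helpers exit after doing their work.
    idle = [a for a in autostarts(sections) if a[2] not in running]
    hits = [l for l in text.splitlines() if reported_file.lower() in l.lower()]
    return idle, hits
```

An empty second result means the reported file is not referenced by any entry this log covers, so whatever restores it has to be looked for elsewhere.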

Response Number 3
Name: suspect52732
Date: January 31, 2004 at 15:20:23 Pacific
Reply:

I have seen this happen to several people. I find it interesting that the setup program keeps returning. I don't think I have the solution to your problem, but I can offer my advice. First off, I think you waited too long to get on top of securing your PC. Sounds to me like you, like every other user I meet, waited until there was considerable damage to the operating system by various spyware and viruses. If I were you I would just save all important data to a disk, then format. Before putting your old data back on the disk, make sure it is scanned at least 2 times with no viruses. Also, I would do a complete format of the OS, not just a fast repair. You want to start from scratch. I think this would be a better idea than repairing the operating system, because chances are, since you let these programs do their dirty work for so long, that the OS has been damaged.


0

Response Number 4
Name: MothBhai
Date: February 1, 2004 at 00:15:14 Pacific
Reply:

Ian, thanks. Sounds like I'll have to do what you advise!

Separately, I have noticed that for several websites, I see an additional .com at the end of the site name, for instance download.com.com, news.com.com etc. Could this be the work of a pest?

I guess I have learnt my lesson. With my fresh install, I will install and run Adaware, Spybot and PestPatrol as religiously as I currently run NAV and ZoneAlarm.


0
