# Uniblue PowerSuite 2009 - PC running slow



## Wingzero2 (Dec 24, 2008)

Okay, so my dad found this great software on the internet, one of those registry and drive scanners and PC boosters.... He paid for it and downloaded it and said his computer was running faster so told me to download and run it, so I did.

Lo-and-behold, I was right to be wary.  I ran the registry cleaner, okay, PC booster, okay, and when I got to the third option- Driver Scanner(which scans your drive and recommends installs, and a few other things), things went to hell in a hand basket.  At least, that's when I first noticed it.  First up on the list:
Upon startup of my computer, after it has the XP loading screen, I see something along the lines of... "Scanning Drive: C for verification yadda yadda..." which I have never seen before in my life.

Now, my startup also ran a LOT slower than usual, with the only addition (startup program-wise) was the uniblue registry cleaner.  It took a LONG time to finally get up and running, at least a few minutes, where it usually takes half a minute if that.  

However, even after that my computer was running real dogged and slow, I would click on a program and it wouldn't even give a loading response- just act like I have never clicked.

So of course I press ctrl-alt-delete, click on task manager to check out what's up... and it gives me an error, saying there is a missing component somewhere, and recommended re-installation. 

Of course by now I'm slapping my forehead because accessing folders within my C Drive, or even Firefox, comes up with the same error.  So I'm thinking Okay, Uniblue wasn't careful and went around deleting important stuff to try to speed my computer up.

So I turn to my dad, and he messes around with my wireless internet connection and uninstalls the previous wireless program and gets my internet working, and beyond that runs the Uniblue registry cleaner and hands it over to me saying it should be fine.

Now, I'm still having problems, but I ran Trend Micro a few times, and also CCleaner a few times and the errors seem to be gone for the most part.  

So, I guess my point is, for you computer-intelligent people out there, what was the exact problem?  Was it that Uniblue registry cleaner deleted stuff it shouldn't have?  And any recommendations on how I can iron out the remaining straggling problems?


I'm of a mind to uninstall Uniblue, I don't care that it's a Microsoft partner and recommended by all the experts, it tore my computer up and to me it's a piece of crap.  What do you guys think?


----------



## mep916 (Dec 24, 2008)

Uninstall the program. Check System Restore. You may be able to restore to a point previous to the changes.


----------



## Intel_man (Dec 24, 2008)

I find their PC Booster really stupid and it actually screws up my computer. 

Their SpyEraser's pretty good for their Active Guard thingy though.


----------



## Wingzero2 (Dec 24, 2008)

That means I'm not the only one who has had problems with it.

I've tried system restores.  In fact, that was the first thing I tried to do to fix it, problem is, all my system restore points just disappeared, so there's nothing for me to restore to.  I'm thinking Uniblue deleted them in its quest to speed my computer up no matter the cost.


----------



## mep916 (Dec 24, 2008)

Well, go ahead and uninstall the program(s). If you want, you can post a HiJackThis log in your next reply, or in the Computer Security section.


----------



## Wingzero2 (Dec 24, 2008)

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/24/2008 9:26:19 AM
mbam-log-2008-12-24 (09-26-18).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 95005
Time elapsed: 48 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\luke\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\luke\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\luke\Application Data\AntispywareBot\Quarantine (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\luke\Application Data\AntispywareBot\Registry Backups (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\luke\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Quarantine (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Quarantine\07-02-2008-21-40-46 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Quarantine\08-02-2008-06-57-19 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Registry Backups (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\luke\Application Data\AntispywareBot\DataBaseNew.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdunakey\results.txt (Malware.Trace) -> Quarantined and deleted successfully.


----------



## mep916 (Dec 24, 2008)

I've moved your thread to the Computer Security section and added some info to the title. Now post a fresh HiJackThis log.


----------



## Wingzero2 (Dec 24, 2008)

Okay, I'm uninstalling Uniblue now, I'll run a scan afterwards.


----------



## Wingzero2 (Dec 24, 2008)

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/24/2008 10:55:38 AM
mbam-log-2008-12-24 (10-55-38).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 95282
Time elapsed: 42 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## mep916 (Dec 24, 2008)

Download and run HiJackThis. Do a system scan only and post the log in your next reply. How is your computer running right now?


----------



## Wingzero2 (Dec 27, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:59 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

-----------------
My computer is running pretty good now, no more errors when clicking on apps or on startup, and it's more or less up to the original speed.


----------



## Wingzero2 (Dec 29, 2008)

"Windows Media Player cannot play the file because there is a problem with your sound device. There may not be a sound device installed on your computer, it may be in use by another program, or it may not be functioning properly."

I just got that error, and I can't play any sound at all.  So I'm guessing that's another thing that got ****ed up from UniBlue, as well as my Windows Messenger which doesn't work either.  

I guess I'll just have to reinstall my sound devices-- any tips/ advice?


----------



## Wingzero2 (Dec 29, 2008)

Right now I'm just pissed off to the extreme, stuff is just randomly not working and now my computer is back to square one, with the 'disk verification' scan at start up and errors occurring all over the place.

I really just don't know what to do.  My thoughts are to wipe my laptop and just reinstall Windows XP and start from scratch, there is just too much shit going wrong all over the place for me to mess with.  What are your opinions?


----------



## ceewi1 (Dec 30, 2008)

Reinstalling Windows may be the quicker and easier option, depending on how many programs and files are on your computer that need to be backed up and reinstalled.  If you want to try to resolve the problems, see http://xphelpandsupport.mvps.org/how_do_i_prevent_chkdsk_from_run.htm for instructions on how to disable the disk verification that keeps coming up.  

You may need to reinstall the audio driver to fix the sound problem, check in Device Manager to see if there is a problem indicated with it.  I'd uninstall it from there and download and reinstall the latest version of the driver from the manufacturer's website.

Your HijackThis log is incomplete, and as a result it's difficult tell if there is still malware present on your system.  Please post a complete HijackThis log.


----------



## Wingzero2 (Jan 1, 2009)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:55 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211086283953
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6028 bytes


----------



## ceewi1 (Jan 2, 2009)

There's no malware showing in that log, the only thing that I would remove is *Viewpoint Manager:*
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything bad. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them info about your habits. It is not considered spyware since this is not clear, but I would not tolerate it on my machine if I didn't install it.

I suggest you remove it.  To do so, click on *Start* -> *Control Panel* -> *Add or Remove Programs*. Click on anything related to Viewpoint and click Remove.

How is your system running now?  Have the suggestions in my last post made any difference?


----------



## Wingzero2 (Jan 2, 2009)

Well, the link you pointed me to didn't work completely as it was supposed to, but the disk verification hasn't popped up yet so that's good.

Although, I've found that if my computer has been running for a long time it gets real bogged down and errors start occurring, but usually after a restart it is back to normal.

Other than that however, it's running more or less up to par.


----------

