Tech Problem Aggregator

Computer bogged down, I've completed the 5 steps

Q: Computer bogged down, I've completed the 5 steps

I'm using Windows XP, I installed, Spybot Search and Destroy and Spyware Blaster (basically completed all 5 steps).
The problem that I'm having is that my computer takes forever to turn on. Then there are alot of error messages (windows has encountered a problem in " " program and has to close), there are about 20 of these messages, all referring to windows/system32/XXXX.exe where xxxx are all different program files. Most of this started when my kids were playing an online game called Maple story (from Nexon) and a game called Banned story. I've also deleted a program called Absolute start up (that still seems to be lingering, as well as AOL instant messaging (aol always gives me problems). Also hard to get rid of is Spyware bot (as opposed to Spybot search and destroy). Previous to this mess that you see in my log, I ran my Mcafee virus scan and detected (& removed) several viruses (trojans, worms). I hope you can help me clean my mess! Please let me know if you need more info! I've attached the extra.txt. thank you!!!


Deckard's System Scanner v20070905.67
Run by Sandra on 2007-09-13 15:20:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-09-13 19:20:39 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-09-13 15:28:12 UTC - RP43 - Removed SpywareBot
42: 2007-09-12 23:40:27 UTC - RP42 - Software Distribution Service 3.0
41: 2007-09-10 20:29:33 UTC - RP41 - System Checkpoint
40: 2007-09-09 20:29:02 UTC - RP40 - System Checkpoint


-- First Restore Point --
1: 2007-07-30 18:18:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.2 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-13 15:23:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\aolspy.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\hvcorhomcs.exe
C:\WINDOWS\SYSTEM32\DRIVERS\aol.exe
C:\WINDOWS\SYSTEM32\CatRoot\aolsvc.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bgsmsnd.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Local Settings\Temporary Internet Files\Content.IE5\Y9N738AU\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\SYSTEM32\bgstb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\SYSTEM32\bgstb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKEY_LOCAL_MACHINE\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [bi] C:\WINDOWS\system32\bi.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [i] C:\WINDOWS\system32\i.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [zpoaktwskm] C:\WINDOWS\system32\zpoaktwskm.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hklsyrutqdfb] C:\WINDOWS\system32\hklsyrutqdfb.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [zkxl] C:\WINDOWS\system32\zkxl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [bxhrwlxbmfmk] C:\WINDOWS\system32\bxhrwlxbmfmk.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [snu] C:\WINDOWS\system32\snu.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [mzzen] C:\WINDOWS\system32\mzzen.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [uxlahgmomyk] C:\WINDOWS\system32\uxlahgmomyk.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [eni] C:\WINDOWS\system32\eni.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [aoebviepf] C:\WINDOWS\system32\aoebviepf.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [saqxdpoh] C:\WINDOWS\system32\saqxdpoh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [vlxriufvzco] C:\WINDOWS\system32\vlxriufvzco.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [szwdlrxb] C:\WINDOWS\system32\szwdlrxb.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [xijw] C:\WINDOWS\system32\xijw.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ftmvqslxii] C:\WINDOWS\system32\ftmvqslxii.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rlpawdwuggsf] C:\WINDOWS\system32\rlpawdwuggsf.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [mih] C:\WINDOWS\system32\mih.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [kdepcd] C:\WINDOWS\system32\kdepcd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dqwdsti] C:\WINDOWS\system32\dqwdsti.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dvbeqh] C:\WINDOWS\system32\dvbeqh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hmxture] C:\WINDOWS\system32\hmxture.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [kij] C:\WINDOWS\system32\kij.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [vxak] C:\WINDOWS\system32\vxak.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rkkas] C:\WINDOWS\system32\rkkas.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rzvhqeudii] C:\WINDOWS\system32\rzvhqeudii.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [wvq] C:\WINDOWS\system32\wvq.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [wmdntybeej] C:\WINDOWS\system32\wmdntybeej.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [qq] C:\WINDOWS\system32\qq.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hawg] C:\WINDOWS\system32\hawg.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [m] C:\WINDOWS\system32\m.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [yzw] C:\WINDOWS\system32\yzw.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [cmuowxtyuvlx] C:\WINDOWS\system32\cmuowxtyuvlx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [elg] C:\WINDOWS\system32\elg.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [flv] C:\WINDOWS\system32\flv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [gmfptzye] C:\WINDOWS\system32\gmfptzye.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [gmsccx] C:\WINDOWS\system32\gmsccx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [fdugo] C:\WINDOWS\system32\fdugo.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hvcorhomcs] C:\WINDOWS\system32\hvcorhomcs.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [nyndxaliqzb] C:\WINDOWS\system32\nyndxaliqzb.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ixrwbzw] C:\WINDOWS\system32\ixrwbzw.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hbmcshimsqns] C:\WINDOWS\system32\hbmcshimsqns.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [yye] C:\WINDOWS\system32\yye.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [znywgjeeoq] C:\WINDOWS\system32\znywgjeeoq.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [taa] C:\WINDOWS\system32\taa.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ynx] C:\WINDOWS\system32\ynx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rmkfx] C:\WINDOWS\system32\rmkfx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [aloqpmdmdnsr] C:\WINDOWS\system32\aloqpmdmdnsr.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [aqmjtsvp] C:\WINDOWS\system32\aqmjtsvp.exe
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [rzvhqeudii] C:\WINDOWS\system32\rzvhqeudii.exe
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [mzzen] C:\WINDOWS\system32\mzzen.exe
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [hvcorhomcs] C:\WINDOWS\system32\hvcorhomcs.exe
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [wrnfr] C:\WINDOWS\system32\wrnfr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\SANDRA~1.HOM\LOCALS~1\TEMPOR~1\Content.IE5\FEFD4TD8\INDEX_~1.SH!
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=71b30c8c-a93c-4146-a6ad-8d309b717bf5
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader () - http://real.gamehouse.com/games/rapt...gameloader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O23 - Service: McAfee Application Installer Cleanup (0279871189662301) (0279871189662301mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\027987~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: AOL SpyBot - Unknown owner - C:\WINDOWS\SYSTEM32\aolspy.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Print Spooler Service (g6euuloz4omli7) - Unknown owner - C:\WINDOWS\system32\hvcorhomcs.exe /service
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: AOL Loading Service (Inst_AOLSVC) - Unknown owner - "C:\WINDOWS\System32\drivers\aol.exe"
O23 - Service: AOL Client Service (LOAD-AOL_Serv) - Unknown owner - "C:\WINDOWS\System32\Catroot\aolsvc.exe"


-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" /S "%3"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 X4HSX32 - c:\program files\comcast games on demand\x4hsx32.sys
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 geebers12 - c:\program files\maple-fun\vicious\nvid888.sys (file missing)
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - c:\windows\system32\drivers\wg111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR 802.11g Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AOL SpyBot - c:\windows\system32\aolspy.exe
R2 g6euuloz4omli7 (Print Spooler Service) - c:\windows\system32\hvcorhomcs.exe /service
R2 Inst_AOLSVC (AOL Loading Service) - "c:\windows\system32\drivers\aol.exe"
R2 LOAD-AOL_Serv (AOL Client Service) - "c:\windows\system32\catroot\aolsvc.exe"

S? SpywareBotSrv -
S2 0279871189662301mcinstcleanup (McAfee Application Installer Cleanup (0279871189662301)) - c:\windows\temp\027987~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-15 01:00:00 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-09-13 03:30:00 428 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2007-09-11 22:16:00 272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-07 20:00:00 396 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOME-MHTTOMDSX2-Sandra).job
2007-09-01 01:00:00 354 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-08-28 17:54:09 394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-08-13 and 2007-09-13 -----------------------------

2007-09-13 13:20:55 0 d-------- C:\ie-spyad_zo
2007-09-13 13:16:36 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-09-13 13:16:35 0 d-------- C:\Program Files\SpywareBlaster
2007-09-13 11:48:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-13 11:47:56 0 d-------- C:\WINDOWS\LastGood
2007-09-13 11:41:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-09-01 20:53:59 115712 --a------ C:\sfgdg435.exe
2007-08-28 17:54:13 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\Uniblue
2007-08-28 17:29:24 0 d-------- C:\Program Files\PC Doc Pro
2007-08-28 17:29:20 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\PC Tools
2007-08-28 17:28:02 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\Google
2007-08-28 17:27:55 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-08-28 17:26:53 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-08-27 12:49:54 0 d-------- C:\Nexon
2007-08-27 02:32:09 0 d-------- C:\Program Files\F-Group
2007-08-26 23:54:21 128000 --a------ C:\aol.exe
2007-08-26 23:46:02 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\StarOffice8
2007-08-26 22:14:28 0 d-------- C:\Program Files\Spyware Doctor
2007-08-26 20:09:21 0 d-------- C:\Program Files\Sun
2007-08-26 19:58:26 0 d-------- C:\Program Files\Picasa2
2007-08-26 19:57:38 0 d-------- C:\Program Files\Google
2007-08-26 17:37:56 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\WinPatrol
2007-08-26 17:37:48 0 d-------- C:\Program Files\BillP Studios
2007-08-22 23:11:20 0 d-------- C:\Documents and Settings\Jonathan.HOME-MHTTOMDSX2\Application Data\ComcastToolbar
2007-08-13 21:19:03 18432 -r-hs---- C:\WINDOWS\system32\aolspy.exe


-- Find3M Report ---------------------------------------------------------------

2007-09-13 11:24:58 0 d-------- C:\Program Files\WildTangent
2007-09-13 11:19:36 0 d-------- C:\Program Files\Viewpoint
2007-09-13 08:15:32 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2007-09-13 08:15:32 384 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2007-09-13 01:43:37 0 d-------- C:\Program Files\McAfee
2007-09-11 21:53:28 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-09 08:56:58 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\Identities
2007-09-01 21:56:59 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-01 20:04:47 0 d-------- C:\Program Files\NeoPaint for Windows
2007-09-01 20:02:13 0 d-------- C:\Program Files\Comcast Play Games
2007-09-01 20:02:11 0 d-------- C:\Program Files\Common Files
2007-09-01 20:00:42 0 d-------- C:\Program Files\Common Files\aol
2007-08-28 17:27:50 0 d-------- C:\Program Files\ComcastToolbar
2007-08-28 17:26:56 0 d-------- C:\Program Files\BannedStory
2007-08-26 20:09:00 0 d-------- C:\Program Files\Java
2007-08-12 07:58:51 123904 --a------ C:\WINDOWS\system32\bi.exe
2007-08-10 16:24:31 140288 --a------ C:\aolupdates.exe
2007-08-10 15:47:04 140288 --a------ C:\WINDOWS\system32\wuctnhrrr.exe
2007-08-10 15:47:04 140288 --a------ C:\WINDOWS\system32\i.exe
2007-08-06 06:52:34 95232 --a------ C:\WINDOWS\system32\hklsyrutqdfb.exe
2007-08-01 23:31:09 0 d-------- C:\Program Files\BFG
2007-08-01 07:44:56 0 d-------- C:\Program Files\Common Files\McAfee
2007-07-30 23:16:27 189440 --a------ C:\WINDOWS\system32\bxhrwlxbmfmk.exe
2007-07-28 09:40:11 152064 --a------ C:\WINDOWS\system32\edydsyu.exe
2007-07-27 22:55:38 151040 --a------ C:\WINDOWS\system32\snu.exe
2007-07-27 08:51:45 144384 --a------ C:\WINDOWS\system32\mzzen.exe
2007-07-26 21:10:28 185344 --a------ C:\WINDOWS\system32\uxlahgmomyk.exe
2007-07-26 20:41:51 185344 --a------ C:\WINDOWS\system32\lwtnuhbbe.exe
2007-07-26 16:40:00 185344 --a------ C:\WINDOWS\system32\eni.exe
2007-07-26 08:12:11 0 d-------- C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Application Data\Nexon
2007-07-26 08:04:12 132096 --a------ C:\WINDOWS\system32\aoebviepf.exe
2007-07-25 07:37:41 164864 --a------ C:\WINDOWS\system32\saqxdpoh.exe
2007-07-24 08:35:07 177152 --a------ C:\WINDOWS\system32\wpo.exe
2007-07-22 14:55:21 173056 --a------ C:\WINDOWS\system32\vlxriufvzco.exe
2007-07-22 01:00:53 0 d-------- C:\Program Files\McAfee.com
2007-07-22 00:44:38 123904 --a------ C:\WINDOWS\system32\szwdlrxb.exe
2007-07-14 12:34:14 140288 --a------ C:\WINDOWS\system32\qehvzyii.exe
2007-07-14 12:16:48 140288 --a------ C:\WINDOWS\system32\ftmvqslxii.exe
2007-07-14 09:43:18 128000 --a------ C:\WINDOWS\system32\rivfjuumkz.exe
2007-07-14 09:13:43 128000 --a------ C:\WINDOWS\system32\mkgaloivt.exe
2007-07-14 09:13:40 128000 --a------ C:\WINDOWS\system32\jpwu.exe
2007-07-13 23:02:09 128000 --a------ C:\WINDOWS\system32\tj.exe
2007-07-13 21:50:35 128000 --a------ C:\WINDOWS\system32\lhv.exe
2007-07-13 21:50:02 128000 --a------ C:\WINDOWS\system32\e.exe
2007-07-13 21:44:03 128000 --a------ C:\WINDOWS\system32\epglkyz.exe
2007-07-13 11:59:37 132096 --a------ C:\WINDOWS\system32\rlpawdwuggsf.exe
2007-07-13 11:59:24 132096 --a------ C:\WINDOWS\system32\hcbfalnvkqt.exe
2007-07-11 10:34:47 160768 --a------ C:\WINDOWS\system32\mih.exe
2007-07-09 00:38:38 168960 --a------ C:\WINDOWS\system32\kdepcd.exe
2007-07-08 21:46:56 168960 --a------ C:\WINDOWS\system32\gmdugdrfcwu.exe
2007-07-08 21:29:02 168960 --a------ C:\WINDOWS\system32\qffg.exe
2007-07-08 19:21:56 168960 --a------ C:\WINDOWS\system32\cylrkkwa.exe
2007-07-08 19:14:23 168960 --a------ C:\WINDOWS\system32\froanehada.exe
2007-07-08 19:12:00 168960 --a------ C:\WINDOWS\system32\ffi.exe
2007-07-08 19:02:34 168960 --a------ C:\WINDOWS\system32\gdnjjvkc.exe
2007-07-08 18:42:11 168960 --a------ C:\WINDOWS\system32\aj.exe
2007-07-07 14:40:17 111616 --a------ C:\WINDOWS\system32\ifchm.exe
2007-07-03 17:28:57 111616 --a------ C:\WINDOWS\system32\dqwdsti.exe
2007-07-03 09:51:57 111616 --a------ C:\WINDOWS\system32\dpyvyf.exe
2007-07-02 07:33:28 136192 --a------ C:\WINDOWS\system32\dvbeqh.exe
2007-07-02 07:31:06 177152 --a------ C:\WINDOWS\system32\hmxture.exe
2007-07-02 01:57:55 128000 --a------ C:\WINDOWS\system32\kij.exe
2007-06-30 07:26:13 132096 --a------ C:\WINDOWS\system32\vxak.exe
2007-06-28 08:46:36 144384 --a------ C:\WINDOWS\system32\rkkas.exe
2007-06-27 08:29:21 197632 --a------ C:\WINDOWS\system32\gpedfsdjzcyg.exe
2007-06-25 07:54:33 115712 --a------ C:\WINDOWS\system32\rzvhqeudii.exe
2007-06-24 13:33:17 111616 --a------ C:\WINDOWS\system32\vvgi.exe
2007-06-24 13:30:24 136192 --a------ C:\WINDOWS\system32\wmdntybeej.exe
2007-06-23 17:40:51 140288 --a------ C:\WINDOWS\system32\qq.exe
2007-06-23 07:18:28 168960 --a------ C:\WINDOWS\system32\hawg.exe
2007-06-23 04:32:44 128000 --a------ C:\WINDOWS\system32\m.exe
2007-06-22 22:47:38 177152 --a------ C:\WINDOWS\system32\cmuowxtyuvlx.exe
2007-06-22 22:47:35 177152 --a------ C:\WINDOWS\system32\mw.exe
2007-06-22 20:56:31 132096 --a------ C:\WINDOWS\system32\elg.exe
2007-06-22 20:47:34 107520 --a------ C:\WINDOWS\system32\flv.exe
2007-06-22 20:43:33 173056 --a------ C:\WINDOWS\system32\gmfptzye.exe
2007-06-22 20:43:29 173056 --a------ C:\WINDOWS\system32\hqrwsptour.exe
2007-06-22 19:20:35 148480 --a------ C:\WINDOWS\system32\gmsccx.exe
2007-06-22 19:20:32 148480 --a------ C:\WINDOWS\system32\ozzlsisza.exe
2007-06-22 18:47:12 148480 --a------ C:\WINDOWS\system32\wawpn.exe
2007-06-22 18:47:09 148480 --a------ C:\WINDOWS\system32\payywbub.exe
2007-06-22 09:27:18 103424 --a------ C:\WINDOWS\system32\fdugo.exe
2007-06-21 07:42:44 128000 --a------ C:\WINDOWS\system32\hvcorhomcs.exe
2007-06-20 21:22:04 181248 --a------ C:\WINDOWS\system32\nyndxaliqzb.exe
2007-06-20 00:38:21 119808 --a------ C:\WINDOWS\system32\ertqd.exe
2007-06-20 00:26:29 119808 --a------ C:\WINDOWS\system32\igqyvf.exe
2007-06-19 13:02:55 119808 --a------ C:\WINDOWS\system32\ixrwbzw.exe
2007-06-19 00:17:17 95232 --a------ C:\WINDOWS\system32\hbmcshimsqns.exe
2007-06-18 22:47:47 95232 --a------ C:\WINDOWS\system32\jkucy.exe
2007-06-18 14:58:45 95232 --a------ C:\WINDOWS\system32\tfbpfcu.exe
2007-06-16 10:00:57 173056 --a------ C:\WINDOWS\system32\hrvqrk.exe
2007-06-15 23:22:04 115712 --a------ C:\WINDOWS\system32\l.exe
2007-06-15 23:21:53 115712 --a------ C:\WINDOWS\system32\kyg.exe
2007-06-15 23:16:42 181248 --a------ C:\WINDOWS\system32\uhwqxjd.exe
2007-06-15 23:11:30 123904 --a------ C:\WINDOWS\system32\eahbjicorzx.exe
2007-06-15 23:11:19 123904 --a------ C:\WINDOWS\system32\dhahqu.exe
2007-06-15 23:11:08 123904 --a------ C:\WINDOWS\system32\qu.exe
2007-06-15 23:10:57 144384 --a------ C:\WINDOWS\system32\aobn.exe
2007-06-15 23:10:46 144384 --a------ C:\WINDOWS\system32\qovjjwuyozb.exe
2007-06-15 23:00:35 99328 --a------ C:\WINDOWS\system32\h.exe
2007-06-15 23:00:24 95232 --a------ C:\WINDOWS\system32\qrgwdnkxxg.exe
2007-06-15 23:00:13 95232 --a------ C:\WINDOWS\system32\mlu.exe
2007-06-15 23:00:02 189440 --a------ C:\WINDOWS\system32\nsprexynbvj.exe
2007-06-15 22:59:51 189440 --a------ C:\WINDOWS\system32\pzukmlzsc.exe
2007-06-15 22:59:40 189440 --a------ C:\WINDOWS\system32\ptltpl.exe
2007-06-15 22:59:17 123904 --a------ C:\WINDOWS\system32\w.exe
2007-06-15 22:54:06 128000 --a------ C:\WINDOWS\system32\qrry.exe
2007-06-15 22:53:55 144384 --a------ C:\WINDOWS\system32\imjgrvwqskl.exe
2007-06-15 22:53:33 111616 --a------ C:\WINDOWS\system32\qysemkfiyk.exe
2007-06-15 22:43:11 123904 --a------ C:\WINDOWS\system32\aclnniaymdr.exe
2007-06-15 22:22:59 132096 --a------ C:\WINDOWS\system32\mjbgni.exe
2007-06-13 21:38:14 148480 --a------ C:\WINDOWS\system32\vov.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecoverFromReboo"="C:\WINDOWS\Temp\RECOVE~1.EXE" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 04:00 AM]
"CTHelper"="CTHELPER.EXE" [10/06/2003 05:57 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/28/2003 04:19 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/28/2003 04:19 PM]
"bgsmsnd.exe"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe" [05/06/2006 11:58 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [08/11/2007 06:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [06/14/2007 06:32 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [08/14/2007 05:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Absolute StartUp monitor"="C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [08/17/2007 04:48 PM]
"bi"="C:\WINDOWS\system32\bi.exe" [08/12/2007 07:58 AM]
"i"="C:\WINDOWS\system32\i.exe" [08/10/2007 03:47 PM]
"zpoaktwskm"="C:\WINDOWS\system32\zpoaktwskm.exe" []
"hklsyrutqdfb"="C:\WINDOWS\system32\hklsyrutqdfb.exe" [08/06/2007 06:52 AM]
"zkxl"="C:\WINDOWS\system32\zkxl.exe" []
"bxhrwlxbmfmk"="C:\WINDOWS\system32\bxhrwlxbmfmk.exe" [07/30/2007 11:16 PM]
"snu"="C:\WINDOWS\system32\snu.exe" [07/27/2007 10:55 PM]
"mzzen"="C:\WINDOWS\system32\mzzen.exe" [07/27/2007 08:51 AM]
"uxlahgmomyk"="C:\WINDOWS\system32\uxlahgmomyk.exe" [07/26/2007 09:10 PM]
"eni"="C:\WINDOWS\system32\eni.exe" [07/26/2007 04:40 PM]
"aoebviepf"="C:\WINDOWS\system32\aoebviepf.exe" [07/26/2007 08:04 AM]
"saqxdpoh"="C:\WINDOWS\system32\saqxdpoh.exe" [07/25/2007 07:37 AM]
"vlxriufvzco"="C:\WINDOWS\system32\vlxriufvzco.exe" [07/22/2007 02:55 PM]
"szwdlrxb"="C:\WINDOWS\system32\szwdlrxb.exe" [07/22/2007 12:44 AM]
"xijw"="C:\WINDOWS\system32\xijw.exe" []
"ftmvqslxii"="C:\WINDOWS\system32\ftmvqslxii.exe" [07/14/2007 12:16 PM]
"rlpawdwuggsf"="C:\WINDOWS\system32\rlpawdwuggsf.exe" [07/13/2007 11:59 AM]
"mih"="C:\WINDOWS\system32\mih.exe" [07/11/2007 10:34 AM]
"kdepcd"="C:\WINDOWS\system32\kdepcd.exe" [07/09/2007 12:38 AM]
"dqwdsti"="C:\WINDOWS\system32\dqwdsti.exe" [07/03/2007 05:28 PM]
"dvbeqh"="C:\WINDOWS\system32\dvbeqh.exe" [07/02/2007 07:33 AM]
"hmxture"="C:\WINDOWS\system32\hmxture.exe" [07/02/2007 07:31 AM]
"kij"="C:\WINDOWS\system32\kij.exe" [07/02/2007 01:57 AM]
"vxak"="C:\WINDOWS\system32\vxak.exe" [06/30/2007 07:26 AM]
"rkkas"="C:\WINDOWS\system32\rkkas.exe" [06/28/2007 08:46 AM]
"rzvhqeudii"="C:\WINDOWS\system32\rzvhqeudii.exe" [06/25/2007 07:54 AM]
"wvq"="C:\WINDOWS\system32\wvq.exe" []
"wmdntybeej"="C:\WINDOWS\system32\wmdntybeej.exe" [06/24/2007 01:30 PM]
"qq"="C:\WINDOWS\system32\qq.exe" [06/23/2007 05:40 PM]
"hawg"="C:\WINDOWS\system32\hawg.exe" [06/23/2007 07:18 AM]
"m"="C:\WINDOWS\system32\m.exe" [06/23/2007 04:32 AM]
"yzw"="C:\WINDOWS\system32\yzw.exe" []
"cmuowxtyuvlx"="C:\WINDOWS\system32\cmuowxtyuvlx.exe" [06/22/2007 10:47 PM]
"elg"="C:\WINDOWS\system32\elg.exe" [06/22/2007 08:56 PM]
"flv"="C:\WINDOWS\system32\flv.exe" [06/22/2007 08:47 PM]
"gmfptzye"="C:\WINDOWS\system32\gmfptzye.exe" [06/22/2007 08:43 PM]
"gmsccx"="C:\WINDOWS\system32\gmsccx.exe" [06/22/2007 07:20 PM]
"fdugo"="C:\WINDOWS\system32\fdugo.exe" [06/22/2007 09:27 AM]
"hvcorhomcs"="C:\WINDOWS\system32\hvcorhomcs.exe" [06/21/2007 07:42 AM]
"nyndxaliqzb"="C:\WINDOWS\system32\nyndxaliqzb.exe" [06/20/2007 09:22 PM]
"ixrwbzw"="C:\WINDOWS\system32\ixrwbzw.exe" [06/19/2007 01:02 PM]
"hbmcshimsqns"="C:\WINDOWS\system32\hbmcshimsqns.exe" [06/19/2007 12:17 AM]
"yye"="C:\WINDOWS\system32\yye.exe" []
"znywgjeeoq"="C:\WINDOWS\system32\znywgjeeoq.exe" []
"taa"="C:\WINDOWS\system32\taa.exe" [06/12/2007 10:39 AM]
"ynx"="C:\WINDOWS\system32\ynx.exe" []
"rmkfx"="C:\WINDOWS\system32\rmkfx.exe" [06/07/2007 09:10 PM]
"nwiz"="nwiz.exe" [07/28/2003 04:19 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"aloqpmdmdnsr"="C:\WINDOWS\system32\aloqpmdmdnsr.exe" []
"aqmjtsvp"="C:\WINDOWS\system32\aqmjtsvp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [05/09/2005 07:16 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"Absolute StartUp monitor"="C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SB Audigy 2 Startup Menu"="/L:ENG" []
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [07/25/2007 03:10 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=71b30c8c-a93c-4146-a6ad-8d309b717bf5

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"rzvhqeudii"=C:\WINDOWS\system32\rzvhqeudii.exe
"mzzen"=C:\WINDOWS\system32\mzzen.exe
"hvcorhomcs"=C:\WINDOWS\system32\hvcorhomcs.exe
"wrnfr"=C:\WINDOWS\system32\wrnfr.exe

C:\Documents and Settings\Sandra.HOME-MHTTOMDSX2\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2/2/2007 5:55:10 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 6:23:00 PM]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [1/15/2007 2:32:15 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - 0279871189662301MCINSTCLEANUP
*Newly Created Service* - PCANDIS5



-- Hosts -----------------------------------------------------------------------

127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com

6365 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-09-13 15:27:15 ------------

A: Computer bogged down, I've completed the 5 steps

Hi.
Quite a bit to tidy up....



Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop g6euuloz4omli7
sc delete g6euuloz4omli7


Type Exit to close.


=================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:





File::

C:\WINDOWS\system32\bi.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\zpoaktwskm.exe
C:\WINDOWS\system32\hklsyrutqdfb.exe
C:\WINDOWS\system32\zkxl.exe
C:\WINDOWS\system32\bxhrwlxbmfmk.exe
C:\WINDOWS\system32\snu.exe
C:\WINDOWS\system32\mzzen.exe
C:\WINDOWS\system32\uxlahgmomyk.exe
O C:\WINDOWS\system32\eni.exe
C:\WINDOWS\system32\aoebviepf.exe
C:\WINDOWS\system32\saqxdpoh.exe
C:\WINDOWS\system32\vlxriufvzco.exe
C:\WINDOWS\system32\szwdlrxb.exe
C:\WINDOWS\system32\xijw.exe
C:\WINDOWS\system32\ftmvqslxii.exe
C:\WINDOWS\system32\rlpawdwuggsf.exe
C:\WINDOWS\system32\mih.exe
C:\WINDOWS\system32\kdepcd.exe
C:\WINDOWS\system32\dqwdsti.exe
C:\WINDOWS\system32\dvbeqh.exe
C:\WINDOWS\system32\hmxture.exe
C:\WINDOWS\system32\kij.exe
C:\WINDOWS\system32\vxak.exe
C:\WINDOWS\system32\rkkas.exe
C:\WINDOWS\system32\rzvhqeudii.exe
C:\WINDOWS\system32\wvq.exe
C:\WINDOWS\system32\wmdntybeej.exe
C:\WINDOWS\system32\qq.exe
C:\WINDOWS\system32\hawg.exe
C:\WINDOWS\system32\m.exe
C:\WINDOWS\system32\yzw.exe
C:\WINDOWS\system32\cmuowxtyuvlx.exe
C:\WINDOWS\system32\elg.exe
C:\WINDOWS\system32\flv.exe
C:\WINDOWS\system32\gmfptzye.exe
C:\WINDOWS\system32\gmsccx.exe
C:\WINDOWS\system32\fdugo.exe
C:\WINDOWS\system32\hvcorhomcs.exe
C:\WINDOWS\system32\nyndxaliqzb.exe
C:\WINDOWS\system32\ixrwbzw.exe
C:\WINDOWS\system32\hbmcshimsqns.exe
C:\WINDOWS\system32\yye.exe
C:\WINDOWS\system32\znywgjeeoq.exe
C:\WINDOWS\system32\taa.exe
C:\WINDOWS\system32\ynx.exe
C:\WINDOWS\system32\rmkfx.exe
C:\WINDOWS\system32\aloqpmdmdnsr.exe
C:\WINDOWS\system32\aqmjtsvp.exe
C:\WINDOWS\system32\rzvhqeudii.exe
C:\WINDOWS\system32\mzzen.exe
C:\WINDOWS\system32\hvcorhomcs.exe
C:\WINDOWS\system32\wrnfr.exe
C:\sfgdg435.exe





Save this as *CFScript.txt*, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at *C:\ComboFix.txt*

Post back the combofix.txt along with a fresh HijackThis log and the DSS log please


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

15 more replies
Answer Match 81.9%

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-01-31 01:28:43 UTC - RP952 - Deckard's System Scanner Restore Point
68: 2008-01-30 17:13:30 UTC - RP951 - Software Distribution Service 3.0
67: 2008-01-29 04:16:44 UTC - RP950 - System Checkpoint
66: 2008-01-28 02:45:48 UTC - RP949 - Installed Ad-Aware 2007
65: 2008-01-27 08:45:23 UTC - RP948 - System Checkpoint


-- First Restore Point --
1: 2008-01-23 03:35:38 UTC - RP884 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 127 MiB (512 MiB recommended).
System Drive C: has 2.41 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-30 19:33:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDO... Read more

A:Spyware and viruses slowing computer (completed all five steps)

BUMP

Did I do something wrong? This is my third post and nobody has answered, I really need help.

2 more replies
Answer Match 81.06%

I haven't really scanned this computer ever, but the school I went to offered free antivirus software called Counterspy which I've used to scan recently. It detected a whole lot (with updated definitions) such as various pieces of spyware, and some trojans in my Outlook email, which I just ended up deleting as a whole, but I had a feeling there is much more going on.

I followed the steps and the only thing notable to point out about step 1 is that I had the viewpoint media player, which I uninstalled. I have no clue how that even got installed.

Here are the logs:

dss main.txt:
Deckard's System Scanner v20070826.66
Run by Admin on 2007-09-05 13:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.71 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:00 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Mi... Read more

A:Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed.

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

================================

Download Superantispyware (SAS) free home version from HERE


Install it and double-click the icon on your desktop to run it.
? It will ask if you want to update the program definitions, click Yes.
? Under Configuration and Preferences, click the Preferences button.
? Click the Scanning Control tab.
? Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
? On the main screen, under Scan for Harmful Software click Scan your computer.
? On the left check C:\Fixed Drive.
? On the right, under Complete Scan, choose Perform Complete Scan.
? Click Next to start the scan. Please be patient while it scans your computer.
? After the scan is complete a summary box will appear. Click OK.
? Make sure everything in the white box has a check next to it, then click Next.
? It will quarantine what it found and if it asks if ... Read more

5 more replies
Answer Match 72.24%

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and i did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Completed five steps...here is the log.

Bump!

3 more replies
Answer Match 72.24%

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation


-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Awar... Read more

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

7 more replies
Answer Match 72.24%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run... Read more

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer"... Read more

19 more replies
Answer Match 72.24%

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Softw... Read more

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!


Next, download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.[/QUOTE]

19 more replies
Answer Match 71.4%

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program File... Read more

A:HijackThis Log - completed 5 steps

bump

anyone?

19 more replies
Answer Match 71.4%

log listed below : DO YOU WANT THE PANDA SCAN SCAN ALSO?

had constant pop ups- they have stopped- system very slow..avast found virus in operating system-win32:agent-PSG [drp] and vtutr.dll -
trojans




I just know how to computer surf- my son goes to online school- so we really need this computer
log listed below

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WI... Read more

A:hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------


Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt

5 more replies
Answer Match 71.4%

I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below is my Panda Scan results. I have the hijackthis results when ever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================================================... Read more

A:No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\... Read more

4 more replies
Answer Match 71.4%

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tom Roach.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst... Read more

A:WinAntiVirusPro - 5 steps completed

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

13 more replies
Answer Match 71.4%

ok, i know i have malware on my computer. i read the 5 steps to do first....

step one-
i ran ad-aware (i have pro edition), no problems found,
aswell as spy bot s& d and cwschredder, all fine

syep two-i have norton and avg, no problems

step 3-none from that list

step 4-none from that list

step 5-can't update from windows, just get errors

here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:51 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JBOOGY\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\stng260[1].exe
C:\Program Files\a-squared\a2guard.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Administrator.JBOOGY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Inte... Read more

A:ok, difinitely need help. i have completed the five steps

Hi,

Quote:




If you are seeking help for spyware/antivirus issues, or wish to have your Hijack This log checked, please do not post here!




Post it at the HijackThis Log Help section. I think I mod will move this post.

5 more replies
Answer Match 71.4%

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:44, on 2008-03-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxczcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\MUSICMATCH\... Read more

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

1 more replies
Answer Match 70.56%

I am experiencing Browser hijacking and pop ups in new tabs.
nothing else yet, that I know of, except a ding (like the one we hear when we click on something that won't work) that just sounds for no reason.
Attached is the requested logs. Thank you so much, in advance.
**All scans were done in safe-mode**

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 13:01:21.76 on Mon 07/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.363 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www... Read more

A:First Steps completed, ready for analysis

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

12 more replies
Answer Match 70.56%

Hi

Just the other night while reading a forum I regularly visit, popups started to happen, a TAG (SearchUs) icon appeared on the desktop, Outerinfo appeared in the task bar, MS Office install window pops up, and a few others.

I have AVG, SpywareBlaster, Spybot, and a few other on my PC. After running them Spybot was able to remove a few but the Smitfraud-C.CoreService remained. All of the above symptoms are still happening about every 15 minutes or so.

I completed the first 5 basic steps from this forum you are supposed to do before posting a log. AdAware detected nothing. Panda detected 1 Virus, 37 Spyware, and 6 Hacking Tools/Rootkits. Hopefully somebody can help me. Here is the info...

PANDA:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vturppm.dll
Spyware:Spyware/Virtumonde ... Read more

A:Smitfraud-C.CoreService, completed the 5 STEPS

PS: It took me 5 hours to do the above (yes... 5 hours) and do the 5 steps.

I took the time to follow the forum rules when posting logs and asking for help.

I hope somebody takes the time to help so the hours I invested don't go to waste.

Many thanks.

8 more replies
Answer Match 70.56%

And by completed the steps i mean i wasnt able to partially do any of the five steps

Step 1: I cant access the add/remove programs option on the control panel, it comes up with this message.

This file does not have a program associated with it for performing this action. Create an association in the folder options control panel.

Step 2: I cant use email on the computer, keeps saying cookies are disabled even though i put it to allow all.

Step 3: Well i never cleaned the system so why bother trying to install these programs? I probably wouldnt be able to install them anyway.

Step 4: When i go to the update site, it says it cant continue because one of the following programs isnt working
Automatic Updates
BITS
event log
i follow there directions, my computer refuses to allow me to enable automatic updates

Step 5: im not downloading that program because the way it looks im gonna have restore my system

so is my system completly messed up or can you guys help me out?

More replies
Answer Match 69.72%

Hi all,

this is my first post and I wish it was on better terms. I am getting pop ups telling me that I have Win32.trojan.rx My back round on my desk top turned red and I have no access to my task manager.

I have tried downloading DSS but cannot.

Things I have already tried (hopes this helps in coming to a quicker resolution)

1) Run Adaware in safe mode
2) Run Spybot in safe mode
3) Run Ez Armor virus scanner in safe mode
4) Run cc Cleaner in safe mode
5) Delete temporary internet files
6) down loaded but have not yet run AVG anti virus.
7) Looked for suppicious items in control panel (ad remove programs) found slotchbar but cannot remove it.
8) Made hidden files viewable

My biggest fear is that this trojan got a hold of my banking and credit information. Is there anyway to confirm?

Listed below is my Hijack this log. I know you are all very busy and appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:34:58 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDO... Read more

A:Win32.trojan.rx Need help (completed basic steps)

Update:

I also ran SmitFraudFix and had it clean files as well.

I dont know if the problem is fixed but I now have access to my back round and task manager. My computer is also NOT alerting me any more telling me I have a virus.

Im skeptical to think I am cured but I posted both the smitfraud fix log and a new Hijackthis log below. Please review and let me know. Thanks for your help.

SmitFraudFix v2.194[/B]

Scan done at 15:10:25.20, Sat 06/09/2007
Run from C:\Documents and Settings\John Pagnotta\Desktop\Antivirus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

???????????????????????? SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

???????????????????????? Killing process


???????????????????????? hosts


127.0.0.1 localhost


???????????????????????? Generic Renos Fix

GenericRenosFix by S!Ri


???????????????????????? Deleting infected files

C:\WINDOWS\susp.exe Deleted

???????????????????????? DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpN... Read more

14 more replies
Answer Match 69.72%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:27:43 PM, on 3/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exeC:\Program Files\Common Files\AOL\1133363615\ee\AOLSoftware.exeC:\Program Files\Yahoo!\Antivirus\CAVTray.exeC:\Program Files\Yahoo!\Antivirus\CAVRID.exeC:\PROGRA~1\Yahoo!\YOP\yop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\Yahoo!\browser\ycommon.exeC:\Program Files\CreataCard\Gold\FMRemind.exeC:\Prog... Read more

A:Hijack This Report-prior Steps Completed

Hello bigdaddy43 and welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log.Please tell me what is wrong with this computer. Thank you for your patience.

6 more replies
Answer Match 69.72%

Hello and this is my first post.. I'm using an account a friend let me use.

Earlier this week I was viewing a page in Internet Explorer(Mind that I don't prefer IE, I mainly use Firefox) and something attacked my system and started bringing up popups about a "free spyware remover" program, telling me my computer was infected. Knowing this was a hoax, I closed them, only to find that they'd uploaded something to my system. It seemed like adware. There was an icon in the taskbar that would not go away, saying the same thing as the popups- "Your computer is infected! Click here to download spyware remover!" On top of that, the files or whatever have disabled most administrative capabilities I once had, like the Control Panel, Add/Remove programs, and even the Desktop Properties menu.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66
R... Read more

A:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies
Answer Match 69.3%

Hi,

I have picked up a virus that has deleted my anti-virus programs and prevents me from installing any new ones. I can install them, but the "exe" file is immediately deleted. I am also prevented from booting into safe mode-I get a message that states there have been hardware or software changes that prevent this. I am also unable to activate my firewall protection. I would certainly appreciate any assistance!!!

Deckard's System Scanner v20070809.63
Run by rickir on 2007-08-15 at 07:28:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2007-08-15 12:28:55 UTC - RP796 - Deckard's System Scanner Restore Point
96: 2007-08-14 19:18:09 UTC - RP795 - Installed AVG 7.5
95: 2007-08-14 19:05:17 UTC - RP794 - Installed AVG 7.5
94: 2007-08-14 18:48:19 UTC - RP793 - Installed AVG 7.5
93: 2007-08-14 18:43:12 UTC - RP792 - Installed AVG 7.5


-- First Restore Point --
1: 2007-05-17 22:53:35 UTC - RP700 - Installed WordPerfect Lightning.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rickir.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:39 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE:... Read more

A:Virus deletes antivius progs-steps 1-5 completed

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I'd advise you to first back up any valued data now. If you really have a file infector, your OS may be in serious jeopardy. That said, you were able to run DSS, so it may just be that the infection is disabling the AV, not deleting it. I still see services from Avast in your logs.

---------------------------------------------------------------------------------------------

Please disable Winpatrol, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Right click the running icon of winpatrol, and choose exit.

---------------------------------------------------------------------------------------------

Open HijackThis and click o... Read more

15 more replies
Answer Match 69.3%

Deckard's System Scanner v20071014.68
Run by David Anderson on 2008-01-27 11:16:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-01-27 18:13:39 UTC - RP1115 - Software Distribution Service 3.0
15: 2008-01-27 17:26:16 UTC - RP1114 - Software Distribution Service 3.0
14: 2008-01-26 23:57:46 UTC - RP1113 - Software Distribution Service 3.0
13: 2008-01-26 23:04:19 UTC - RP1112 - Software Distribution Service 3.0
12: 2008-01-26 22:56:02 UTC - RP1111 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-11 13:37:32 UTC - RP1100 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-27 11:39:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap... Read more

A:spyguard pro infection (steps completed and logs are included)

Bump!

2 more replies
Answer Match 68.46%

Hi all,

Both firefox and ie are not working for many websites. Google search being diverted to ad sites. I have followed the 5 steps process and attached panda results and extra.txt files are attached. Main.txt contents is pasted below. Thanks a lot in advance for helping me.

Deckard's System Scanner v20071014.68
Run by KAravind on 2008-06-22 18:01:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-22 22:01:17 UTC - RP44 - Deckard's System Scanner Restore Point
1: 2008-06-22 07:24:21 UTC - RP43 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as KAravind.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\... Read more

A:IE popups + Google search not working in firefox - 5 steps completed

Hi, welcome to tsf!

sorry for the delay.

if you still need assistance, please post a fresh main.txt log.

1 more replies
Answer Match 68.46%

Hello
I have been having an issue with Winantivirus pop-ups which have led to various spyware and adware infections. I have seen many variations to the pop-up including winantivius, winantiviruspro, errorprotection, winantispyware, as well as many pop-up and new browser window ads. I have also noticed minor degradation in system performance.

I have completed the 5 steps and have all logs from scans available.
Below is the main text file and attached is the extra text file from the Deckard scan.

I am not sure what additional information would be helpful to the analyst. One concern i have is that SP2 has already been installed. If anyone could assist I would greatly appreciate it.

Thanks
Matt

Deckard's System Scanner v20070905.67
Run by Matthew on 2007-09-07 18:52:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-09-07 22:52:52 UTC - RP217 - Deckard's System Scanner Restore Point
3: 2007-09-07 22:30:56 UTC - RP216 - Software Distribution Service 3.0
2: 2007-09-07 18:22:20 UTC - RP215 - Removed Get High Speed Internet!
1: 2007-09-07 16:32:35 UTC - RP214 - Installed Windows Internet Explorer 7.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Matthew.exe) ------... Read more

A:Winantivirus and related PUP adware spyware issues. 5 steps completed

Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

==============================

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

9 more replies
Answer Match 68.46%

Hello,Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

A:Antispyware Soft Infection: Removal steps completed but still having issues....

Hello, KarenReyWelcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.If you do not make a reply in 4-5 days, we will have to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th... Read more

13 more replies
Answer Match 68.46%

Please help my laptop keep telling me i have worm.win32.netsky all 5 steps completed. Main.txt below and extra attached. Thanks for all the advice - newbie with no clue





Deckard's System Scanner v20071014.68
Run by Davinia on 2007-11-23 17:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2007-11-23 17:26:44 UTC - RP170 - Deckard's System Scanner Restore Point
63: 2007-11-22 21:44:56 UTC - RP169 - System Checkpoint
62: 2007-11-18 19:34:31 UTC - RP168 - Removed LiveUpdate Notice (Symantec Corporation)
61: 2007-11-15 13:27:46 UTC - RP167 - Software Distribution Service 3.0
60: 2007-11-13 16:15:21 UTC - RP166 - System Checkpoint


-- First Restore Point --
1: 2007-08-25 10:58:20 UTC - RP107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 17:29:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32... Read more

A:laptop popup says it has worm.win32.netsky all 5 steps completed.

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every
inquiry.


Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:When the machine reboots, tap the F8 key before Windows starts
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Restart the computer to complete the removal process.

~~~~
Next, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post... Read more

4 more replies
Answer Match 67.62%

Thanks for your help. Chrome stalls and when closed it takes 5 or 6 tries to re-open. Start-up is also VERY slow? I completed the logs you need, I don't have a Windows Install disc or a Boot CD, but I have made a backup. thanks, - Jason



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Jason at 14:00:44 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1656 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:... Read more

A:Completed initial scans/steps -- browser stalls and slow start-up

bump, please :)

3 more replies
Answer Match 62.16%

My computer began directing my searches to non-google sites and bringing up popups. I was running windows defender and AVG. I use firefox for browsing. All are up to date. Running Windows Vista Home in a newer HP desktop, wired connection. I was not able to update any programs (ad aware, spybot, AVG, windows defender, etc). Also, when I run hijack this I get an error message indicating that hijack this was "denied write access to the hosts file". Hijackthis automatic analyzers do note some problems files but when I check them and click fix, they are still there after I scan again (including after a reboot). That line is:"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe"I (ignorantly) ran combofix already as directed by a related forum post. It indicated that there was a trojan infection, restarted the computer and instructed me to re-run. I did and it created a log, though I understand I'm not to post that unless directed. It helped, now I can update my programs and I have not been redirected when searching, but I'm sure I have not completely addressed the problem(s) yet, thus, the request for your help (thanks in advance).Below is the DDS log and attached is the, er, attach.txt file per these instructions:DDS (Ver_09-03-16.01) - NTFSx86 Run by Bedroom at 16:53:36.05 on Sat 03/21/2009Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3582.2192 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enable... Read more

A:Unknown malware or trojan - initial steps completed per initial posting instruction

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Answer Match 53.34%

If someone could please give me some advice. My computer is really, really slow. I'm suspecting it's some sort of spyware or malware....though I've run both AdAware and Spybot on it and deleted everything there. The following is the log from HJT if that helps. Any advice would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 6:02:56 PM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Home\Desktop\hijackthis\H... Read more

A:Help! Computer's really bogged down

9 more replies
Answer Match 53.34%

Okay, here's the dealio. I've got a Dell Dimension E310 Desktop. 46 GB hard drive, 1024 RAM, OS is Windows XP Media Center. Two days ago I ran a couple of virus scans and spy-ware scans. For the virus I use: Antivir Classic. For the Spy-ware: Ad-aware SE Personal. The virsu program found numerous files on just the guard setting. I told the program to delete these files, it couldn't. The "detection" box kept popping up with the same file name and same virus identity. I ran a full system scan using both programs. The spy-ware found 56 objects which I deleted. The virus program found 5 objects, 2 of them it could not delete. I searched for the files and found they they were in: C:/windows/system32/??/command.exe. I was hesitant to delete it, not knowing what this is. The other file it found was C:/??/System Volume Information/??/A014565?????/. Today I turn on the computer and log in and it plays the welcome sound and shows my desktop background, but doesn't load the icons, system tray, Minimized program bar, or my start button. I log out, log back in and it loads up normaly, although very slowly. I try to open a few programs, but it takes forever for them to open. I sign into Windows Live Messenger. It signs me in and when I click to minimize it, all of my desktop icons disappear. I click on the box in messenger to open Internet Explorer and go to my e-mail inbox. It just sits there, doing nothing. I open a new tab to go to techsupportforum.com and it does nothing. It... Read more

A:Help! My computer is bogged Down!

Okay, so its not as bad as I orignally thought. I can still open programs and play music and the such, but I cannot access the internet and my destop icons are still missing.

5 more replies
Answer Match 53.34%

I am trying to figure out why my computer is bogged down so much...Sometimes it takes a real long time to load anything up, or to get to webpages...I know I have spyware/adware but Spybot does nothing...It shows just a few entries, but when I ran noadware, it said I had over 100 items that are not critcal to severe...Please help!Here is my logfile from hijackthisLogfile of HijackThis v1.99.0Scan saved at 9:12:54 PM, on 12/23/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\system32\ps2.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\... Read more

A:Pls Help...My computer is bogged down!

Hi Please uninstall from Add\Remove Programs:TSAPlease print or copy these instructions because you are not able to access the Internet in SafeMode.Download Ad-aware SE 1.05: hereInstall it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.Download System Security Suite here:System Security Suite Download & Tutorial. Unzip it to your desktop.Install the program. Don't use it yet.Make sure you are set to show hidden files and folders: A. On the Tools menu in Windows Explorer, click Folder Options.B. Click the View tab.C. Under Hidden files and folders, click Show hidden files and folders.D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsREBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe modeRun HijackThis!, press Scan, and put a check mark next to all these:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htmR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL ... Read more

1 more replies
Answer Match 53.34%

HP Pavilion dv7 Notebook PC
Windows 7 home premium version 6.1.7601 SP 1 build 7601
 
Hello, a friend sent me to this forum. Two days ago we noticed a major decrease in responsiveness of this pc. Currently, Chrome takes upwards of 10 minutes to open. whole pc freezes randomly for 5+ minutes at a time. I tried to run malware bytes, spybot and avast and none will open. Decided to go into safe mode and try.. spybot and malware bytes ran and did their thing. avast opened but never advanced past the first item to scan when left for over an hour to run. ran panda cloud and it found some malware but nothing major and no viruses found. At this point, pc will only run smoothly in safe mode. Out of ideas on what to do to resolve this an d came here in hopes someone else might be able to help. 
 
thx in advance.

A:Bogged computer

Welcome to BC !
 
Please post the scan logs for MBAM and Panda.
 
Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings
In the top-right corner of the browser window, click the Chrome menu
Select Settings.
At the bottom, click Show advanced settings.
Under the section "Reset settings,” click Reset settings.
In the dialog that appears, click Reset.
 
Try running these programs.
 
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will... Read more

21 more replies
Answer Match 53.34%

a few days ago i was looking into why my computer was acting up. I came across this forum. Now, I ran the TDSKiller app posted. It came up with a slew of rootkits and such so I got rid of them. Now it seems, like I am still getting malware, even though I run the TDSKiller app(it shows nothing), I know this because I had bought the Advanced System Care Pro When I do a deep scan it pulls up various malware. Google Chrome keeps asking me to kill pages, I cannot install Shockwave player. Every once in a while it says it becomes unresponsive. There is even an automatic update from windows that seems to not install. It is: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707) I have been noticing the CPU goes up really high and the computer just freeze's for a while, then unlocks. Very frustrating. Sometimes I even think something is going on with my internet. I feel as if I am not getting the speeds I am paying for but that my just be the provider I need to ask. And also, sometimes I cannot cut copy or paste.
I don't know what else to do. I cannot even install Java on this computer without it telling me that it is already installed, when i know its not because I uninstalled it to refresh it, and when I click on the do you want to install it again, it tells me that this option can only be used for the application if it is already installed. I really hope I am doing this right. Sorry if I didn't.
Here are the logs:

Logfile o... Read more

A:bogged down computer :(

16 more replies
Answer Match 53.34%

My computer is only a year old and already it is noticably slower. It's a Dell so it came with a bunch of junk on it, but I think I cleared most of it off. Can someone tell me processes/programs what I do and do not need? The main things I do with my computer are use Firefox, Adobe Photoshop, iTunes, and Microsoft Office. So anything that doesn't affect those programs pretty much isn't needed I don't think. There are almost 60 processes running and I know there shouldn't be that many. Here is my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:29:28 PM, on 2/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap... Read more

A:Computer Bogged Down By Who Knows What

Hello Katia,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

6 more replies
Answer Match 53.34%

I've done everything in my novice knowledge about computers to get this system running smoothly again and it is not working.

The issue: it appears something is taking up system resources. I'm getting slow performance from my programs running particularly with iTunes which crackles with every song. I'm also a Norton Utilities user.

System Information: Windows XP, 512 MB RAM, 80 GB HD, 20GB partitioned (into 2 drives) HD,

What I've done already:

Norton Antivirus System Scan - Nothing found.
Spybot Search & Destroy - Nothing found.
Trend Micro Antivirus and Spyware Scan - Nothing Found.
Cleaned up unnecessary files - including recycle bin, internet cache, etc
Installed Webroot Spy Sweeper - found 3 cookies and deleted
Degrag Hard Drive
Wiped Drive D: -- This is the original hard drive on the computer that still had WIN98 on it. Couldn't remember how to reformat the hard drive (which is partitioned into 2 drives), so I simply wiped the one that had the OS and the programs. Still no difference in system performance.
Used Norton Utitilities one button checkup that checks the registry, shortcuts, etc.
Updated Windows

I believe I've narrowed the issue down to the system cache, but I don't know how to investigate further. Norton is showing at this moment 64% of my CPU being used with just Opera, Webroot Spy Sweeper, Zone Alarm, Norton Antivirus, and Roxio's Go Back running. It is also showing over 36 MB of cache being used which is 8... Read more

A:Computer is getting bogged down...

8 more replies
Answer Match 53.34%

Hi folks, any help or assistance would be greatly appreciated!Logfile of HijackThis v1.99.1Scan saved at 1:49:57 PM, on 10/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\WINDOWS\system32\atiptaxx.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.comR1 - HKCU\... Read more

A:Computer Bogged Down... Help!

Hello burkg and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

The only odd thing I see is that IE is in the startup programs. Is there a reason for IE starting when the computer boots up?

What I suggest is posting a question in the XP forum. They can assist with non-malware related performance issues. Let them know that you have been to this fourm and that no malware was found.

Cheers.

OT

3 more replies
Answer Match 53.34%

Recently, My computer has been bogged down. Programs lock up, IE crashes/takes forever to open, and games are laggy. My computer has been running great, but as of the past month I have run it, its gotten worse. I have pretty good computer knowledge and tried everything before I decided to come here. Unfortunately a few days ago I ran combofix just in case, not aware you request it not be run yet.(Sorry)

I have run malware and virus scanners. 3 different scanners. AVG, Comodo, And Bitdefender online.
Computer was opened and cleaned using compressed air. I have 5 case fans on it, rooms around 67 degrees.

I am running windows 7 on:
ASUSTeK M4A78-E
AMD Phenom II x4 955 Black Edition @ 3.2ghz (NOT OC)
4Gig ram
Geforce 8800 GT OC edition (Not user OC)
600watt P/S

I looked at my logs but nothing sticks out:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:13 PM, on 8/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
D:\Advanced SystemCare 4\PMonitor.exe
D:\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
D:\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\HP\Digita... Read more

A:Computer bogged down

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415380 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

23 more replies
Answer Match 53.34%

This computer has issues. All programs are running in slow motion. Processor is running a 100% at times. Access to the internet takes forever. I don't know if I can slavage it or trash it and start with a new one.
Attahced is the logfile for your review.

Please help if you can,

Thank
 

A:Bogged down computer

"bump"
 

2 more replies
Answer Match 53.34%

Hi I ran a Hijackthis scan wondering of you could take a look and let me know what I don't need. My computer is running very slow and I cann't run my Norton anti Virus which needs to be take out and replaced with something else any thoughts on that? What do you think of AVG anti virus program anygood?
Logfile of HijackThis v1.99.1
Scan saved at 4:49:32 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Rea... Read more

A:computer is bogged down

15 more replies
Answer Match 53.34%

Lately, I've been noticing that a lot of Internet Explorer tasks have been taking much longer than usual, in some cases causing the computer to freeze. I'm wondering if I the user of this computer might have picked anything up from web sites (she thinks she may have). Can anyone shed some light on this?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:05 AM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Ex... Read more

More replies
Answer Match 52.5%

Hey.

I was searching for a similiar spyware problem and found you guys. I have installed almost every anti spyware app available to no avail. I think this thing is a new spyware threat and we will probably hear about this in the future. My temporary solution for it is to install firefox as a browser and use it. It also gets hijacked but firefox blocks the pop-ups and you can just press the back button

What i found out about it is the following:

- It sets your IE home page to
- It opens your computer for all kinds of other nasties. XXXtoolbar and download.trojans and so forth which your spyware apps should be able to stop. Well mine did anyway.

-Now when you have this on your computer it brings up a window claiming to be an Windows Error(at any time). The heading is 'Error #317 - Microsoft Windows Security Warning'. The content say that you must patch your pc because private information is accessed via ports 8080 and port 3128. Click ok to download anti spy software. I didn't try that

- I dont know if this is relevant (
I installed Security Task Manager which basically just examine all running processes and gives you a description and a threat indication on each process. I found 2 processes running on my machine that this program indicated as a threat with certain criteria on why. One of its criteria states that the files it ran from is missing?? These files reside in the Windows directory. I rescanned my processes and they where gone. I rebooted with t... Read more

A:Please help computer is bogged by spyware

Hi koevoet

Welcome to TSG!

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

3 more replies
Answer Match 52.5%

It is taking forever to do anything on this computer. Very slow and bogged down. Pandascan did show 2 viruses and numerous spyware. Here are the logs.


Incident Status Location

Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt ... Read more

More replies
Answer Match 52.5%

My computer has been extremely slow and disfunctional. I ran spybot, norton, and ad-aware, and they came up with nothing. My internet is really slow, and it frequently goes into "not responding" mode before a page is displayed. I've also noticed that a ".pl" is sometimes inserted after a webaddress in my bottom toolbar while explorer is loading the page (seems unusual but I might not have noticed it before). Also, my AIM won't sign on, and I've logged on on other computers successfully. Please help, it would be much appreciated.
Here's my latest HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 12:47:10 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wan... Read more

A:computer is majorly bogged down, please help me

This log looks pretty clean, actually, but.....
You have an outdated version of HijackThis. Click here to get the latest version of HijackThis and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

1 more replies
Answer Match 52.5%

Yes, I have a computer that is just very slow, and at times it will not even open applications. I can not get on the internet with it to be able to download anti-virus programs and scan the system and try to fix it. I did get Hijackthis with another computer and was able to get it on that one. I don't even know if there is a real infection messing things up. I am kind of thinking there has got to be. Cause every time I reboot the computer... which has to be a lot... it says that the anti-virus on there has detected the trojan of DcomRpc.gen Yes, it comes up with an anti-virus thing, but this anti-vius does nothing... it says it has deleted the trojan, but it says it is there and removed every time the system starts up. I don't know if a hijackthis log will help out or not, but I have one below I was helped with Cool Web Search with this and hope it can help with my other computer.Logfile of HijackThis v1.99.1Scan saved at 9:48:42 PM, on 1/25/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WIND... Read more

A:Not Really Sure What... Computer Is Bogged Down And Non Functional

Click here to download ewido security suite - it is a trial version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screenYou will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed. Click on scannerClick on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido.Click here to download Ad-Aware SE 1.06 and install' if you haven't already got it. Launch Ad-aware and click on "check for updates now" to make sure you have the latest reference file. Click "Start"Select "Perform Full System scan"Click "Next" to start the scan.When the ... Read more

2 more replies
Answer Match 52.5%

Hey everyone! Hope you're all doing wellMy computer has recently been acting up... Slowing way way down, the Mozilla FF folder keeps popping up when I'm online, and so on. Tons of processes are running that I have no idea what they are. Someone told me I should download and run HijackThis, but I'm a noob and have no idea what the results mean. When I clicked AnalyzeThis, it pointed me in the direction of this forum... I guess I'll go ahead and post its log and see if anyone can help me interpret:Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\PROGRA~1\McAfee\... Read more

A:Bogged down computer, first try with HijackThis

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

6 more replies
Answer Match 52.5%

Greetings all;

In the past week my computer has been getting progessively slower due to an unknown issue.

I have run multiple Virus Scanners such as Malwarebytes, Ariva is my main Antivirus, I have done CCleaner and I also use Advanced System Care along with Spybot Search and Destroy.

I have not had any luck with anything finding anything, so now I am relying on my dear friends that know HiJackThis.

Please help with my LogFile below as I cannot make heads or tails of it.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:46 AM, on 12/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
D:\Microsoftoffice\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\ProgramData\BOINC\projects\www.primegrid.com\primegrid_llr_... Read more

A:Browser and All around Computer is getting bogged down

I re ran HiJackThis in Safemode. I remember someone telling me to run it like this before with nothing else running.

So here is the LogFile from the Safemode Scan.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:23 PM, on 12/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microso... Read more

3 more replies
Answer Match 52.5%

Have no idea whats going on. Have run e diff programs to clean stiil boggedd!!!
Scan saved at 10:01:08 PM, on 1/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Fil... Read more

A:XP computer bogged down...Log posted

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

2 more replies
Answer Match 52.5%

I have a Dell Inspiron E1505 laptop with Windows XP. Norton Business Suite Antivirus is my firewall. My laptop is constantly slow and contains numerous random popups as well as redirects. I successfully executed the DDS and the report is pasted below as well as attached as instructed.

I've tried running the GMER tool and I usually get either a stack memory dump or the CPU gets bogged down and the tool runs to a halt. I've also tried running GMER with the 2nd option of only the "C" drive as well as "Section" check boxes checked. Same result in these executions.

I've ran my Norton as well as Malwarebytes and they do not detect any viruses.

-------------


DDS (Ver_10-03-17.01) - NTFSx86
Run by Frank Bui at 11:39:19.57 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1147 [GMT -7:00]

AV: Norton Business Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Business Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe... Read more

A:Bogged down computer and redirect

Hi

Please run the following:

Scan With RootKitUnHooker
Please Download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

19 more replies
Answer Match 52.5%

Hi I was wondering if someone could take a look at my hijackthis log. My computer is almost at a standstill when booting up and running simple tasks. I did most everything on this topic, but didnt help much. Please let me know what I can do. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:58:43 PM, on 3/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\PROGRA~1\AVG\AVG8\avgfws8.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS&... Read more

A:Bogged down computer! Hijackthis log

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 52.5%

I've just been told that the family computer (which I don't ever use) seems to be riddled with viruses and is practically unusable. The problems include:

the desktop icons and start menu disappearing

when searching on the internet the browser redirects to a blank white page with something along the lines of "whiteboy" in the address bar (both firefox and internet explorer)

a folder on the computer seems to contain literally hundreds of fake .rar files all around 1 MB in size

the computer currently has no antivirus software installed, and it seems it isn't possible to install any, as somehow the registry cannot be edited during installation (don't know whether some kind of virus is preventing it from happening)
The computer is running XP Pro with SP1. It did have SP2 but due to a previous problem a fresh install of windows had to be done, and just haven't got round to installing SP2 again.

Whether these are separate problems or related I do not know, but don't really know where to start with trying to fix them. I've gotten rid of viruses, adware etc in the past, usually from following online help, but now the state of the pc seems to have gotten out of hand due to the people using it not being the most computer literate in the world, and not bothering to highlight these problems as they each occured. Also I don't really know what's been getting downloaded, installed etc and no one seems to be very forthcoming.

Than... Read more

A:Computer bogged down by viruses

Your other thread was closed because you're operating system is not genuine.

I'm closing this one as well.

Do not start another thread for assistance with this computer or your account will be disabled.

You need to get a genuine OS and do a complete wipe and reformat.
 

1 more replies
Answer Match 52.5%

The computer is so slowed down, and the spyware keeps reinstalling itself and opening windows trying to sell antispyware stuff on top of that! The hijack this log is as follows. Also, is there anyway to fix this without going into safe mode, a week ago safe mode wouldn't start up and the computer would instantly reboot.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Hml.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Outlook Express\msimn.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\ALURIA~2\SecurityCenter.exe
C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Messenger\msmsgs.exe
F:\blah\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\... Read more

A:Please help computer is bogged by spyware

12 more replies
Answer Match 52.5%

Here is the HijackThis log. I used AdAware 1.06 and Spybot 1.3 before using HijackThisLogfile of HijackThis v1.99.1Scan saved at 12:41:11 PM, on 8/6/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\Program Files\No... Read more

A:Computer frequently bogged down

Welcome Gladys to Bleeping Computer.

Can you tell me, did you have an infection on the computer lately (remember it's name?)

I see you are running both SpySweeper and AVG activly. That's not a good idea.
In fact, it is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.

Please choose one to run active and use the other to checkup let's say once a week or so.

5 more replies
Answer Match 52.5%

Logfile of HijackThis v1.99.1Scan saved at 2:27:58 PM, on 9/5/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\cisvc.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\system32\RioMSC.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\System32\DSentry.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\System32\spool\dr... Read more

A:my computer is bogged down...log hijack

Hello frankgrimes and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1Download CCleaner and install it but do not run it yet.It appears that there are multiple anti-virus applications running on this computer (AVG and McAfee). It is not recommended to have this because it can cause file access issues and if there is an infection the multiple programs can block each other from dealing with the infected file. I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems.Step #2Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\... Read more

1 more replies
Answer Match 52.5%

In the past 6 months my computer has gone from being very fast to extremely slow and difficult to navagate between programs as well as extrememly slow navagating around the internet. Any help would be greatly appreciated. Below is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:08 AM, on 1/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MySoftware\MyInvoices\Tracker.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\prowmpfro.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDeskt... Read more

A:Computer Bogged Down/SLOOOOW

Browsing has now moved to 3-5 minutes before each page is displayed.....Anyone able to help?
 

1 more replies
Answer Match 52.5%

So, I went over to my aunt's house to help my cousin install her new printer. She's had her computer for about three years, and bought it when it was new.

I noticed it was really slow, and we were getting various errors throughout the installation (which never got completed). Besides the issues of viruses and spyware, the Control Panel will fault Explorer and close with an error. Also, a lot of installers won't work, because it says an error about the Windows Installer not functioning properly. So, I couldn't scan with Ad-Aware beforehand. And, Windows Update won't work - when I go to the website, I select Express or Custom and I receive an error.

I did scan with Spybot - S&D and AVG Free 7.5, and they removed quite a lot. I have a HJT log, but I can't post it 1. on this board and 2. because it's version 2 BETA. I also ran Cleanup! 4.5, and that removed almost 1GB of temporary files.

I see two options:
1. backup everything and wipe the HDD, since it's been three years since the thing's been maintained, then just start from scratch
2. Cripple through everything and try to work everything out

I may have to go through one. I feel there may be some deeper stuff that I couldn't get, and there is a recovery partition.

What do you recommend?

A:Decent Computer Bogged Down

After three years, with probably no routine maintenance and no anti-malware used on continuous basis, it would probably be much easier, faster, and certainly more thorough, to wipe the hard disc clean and reinstall Windows. Just make absolutely sure you have archived anything they think important (family pictures, etc.) first.
This would give you time to review security best practices, etc., with them so that the problems would not repeat themselves.
Regards,
John

1 more replies
Answer Match 52.5%

my computer has become very slow, it now takes 8-10 mins to move a file to my external hd i ran hijack this hopefully it is attached can anyone explain what is wrong or what is needed please? Thank you very much for any help. This happened over 2 days I've run avg 7.5, spybot s&d and adaware se and systems still very slow
 

A:computer is bogged down very slow

6 more replies
Answer Match 52.5%

Computer takes 1/2 hour to start up. Extreme slowness issues. Almost unusable. Had to use working computer to load HJT. Would sure appreciate help!

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:59 AM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKLM\Software\M... Read more

A:Totally bogged down computer

I forgot to mention, I had to use a selective startup to be able to do an HJT scan.

1 more replies
Answer Match 52.5%

hi... im running Windows XP and lately it has been getting slower and slower... i ran hijackthis and this is what it came up with... if someone can help me with this i'd really appreciate it.

thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:20 AM, on 01/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Mic... Read more

More replies
Answer Match 52.08%

Now that I have cleaned up my computer, I want to get DHs done as well. Below is his log. Any help would be great. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:36 PM, on 07/16/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digi... Read more

A:Computer Bogged Down - HijackThis Log - What to fix/remove?

Any advise? Thanks again.
 

1 more replies
Answer Match 52.08%

Hello, It's been awhile since I needed to ask any advice here, which means you guys did so well helping me out the last time I was here. Which sadly was due to the fun loving coolwebsearch POS I somehow got ahold of. But my computer is just really bogging down badly and all the scans and avast protections I'm running aren't catching anything or seeing any oddball infections. I run Avast as an antivirus, run random scans with Spybot S&D, Adaware, and try and monitor application activity through procexp and my network activity through Tcpview. I do only have 19% left on an 80G hd, and was able to defrag about a week ago. I'm hoping it's just that I have so much crap on the computer, and not some nice nuisance infection. Thank you for your time, TadLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:54:27 AM, on 9/24/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.e... Read more

A:Bogged Down Computer Is Driving Me Nuts

Hello mrne,Welcome to Bleeping Computer Let's see what might be going on. Please download Malwarebytes' Anti-Malware from one of these places:http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.Thanks,tea

8 more replies
Answer Match 52.08%

Hi while on my GF's computer(one of very similair make as mine) and noticed hers seems to run significantly slower. Popups come up every so often so i know there is atleast some spyware. I run Superantispyware and AVG and still having issues. Here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:45 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\downloads\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\InstallShield\UpdateServ... Read more

More replies
Answer Match 52.08%

This has been happening on this computer for weeks now.  We have many Gigabytes of data in Outlook folders, but archiving these out to shrink the mailbox size has not improved the performance of Outlook.  In fact, many times the archiving process stops completely before finishing.
 
Aside from that, the rest of the computer is sluggish as well.  We are using Egnyte (an online data storage facility) and those operations seem to be sluggish.  Internet activity in general is sluggish.  We don't have the world's fastest internet connection here, but other computers don't seem to be as bad as this one, even with the same amount of Outlook data in the mailbox, so I'm not convinced that Outlook is the only problem with this computer.
 
Things seem to slow down even when no activity is taking place according to CPU usage (resmon, etc.).  I have disabled things like the indexer and even the Egnyte synch to see if those were slowing us down, but to no avail.
 
I am here because I need to get this problem solved as soon as possible as it is costing us a great deal to not be able to work on this machine.
 
I can submit dumps from MiniToolbox, etc. below, but don't wish to post them until they are requested.
 
Best regards and thanks for your willingness to look at my issue.
 
ML

A:Computer bogged down - Outlook WAY slow

Please use the following link to provide us with information about your computer so that we can assist you.How to Publish a Snapshot using Speccy

2 more replies
Answer Match 52.08%

Hey for the past few months I've randomly been getting popups that open in IE even though I only use firefox. It seems completely at random when this happens and sometimes I'll get no popups while surfing and other times I'll get up to 5 at a time. Rarely I even get them while idle for a few hours, which leads me to believe it's just completely random at when they happen. The pop ups all seem to go to generally the same sites although I never really payed attention to which since I just click out of them right away so I can't really tell you any, sorry. Lately I've also been getting some that try to install anti spyware and anti virus software but I know that it's really just installing spyware so I make IE have an error to stop it from installing them since it won't let me simply close them. Again I'm not all too sure which software they're installing or the sites, sorry. Since that has started my computer has seemed to be running a lot slower so I suspect the two are connected so I figured it's finally time to fix the problem. Until now it's been nothing but a minor nuisance. Also I have installed AVG anti virus, ad-aware, SUPERAntiSpyWare, and CCleaner, although none of these have been able to fix the problem.

Thanks in advance to any help you can provide me : )
-Rob


Here's the logs:

DDS (Version 1.0) - NTFSx86
Run by HP_Owner at 16:14:22.48 on Fri 11/28/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.505 [GMT -5:00]

==============... Read more

A:Random popups and bogged down computer

Hello -

It seems you may have run ComboFix. If so, please post it's log, located at C:\ComboFix.txt

14 more replies
Answer Match 52.08%

Just been having problems with multiple pop-ups and lag

Here's a logfile of HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 5:59:12 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinAn... Read more

A:Computer running slow and bogged with pop-ups

11 more replies
Answer Match 52.08%

The family computer which has Windows Vista on it is very much bogged down and I want to find a way to clean it up. It is a store bought eMachines computer that had a bunch of crap preinstalled on it and the dial-up on it is ridiculous. My computer which Win XP Pro uses the same dial-up on it and I get a great connection 49.2-50.0 Kbps, which I understand is very good for dial-up. The Vista computer get about the same connection 49-50.6Kbps but is a hell of a lot slower than mine. I know that different locations in the house can have different speeds and can be different, but both computers get about the same connection. I figure the Vista computer, since it was store-bought, has a lot of stuff on it that has caused it to bog down. I am still learning about Vista since most of my advanced computer knowlege is focused on Windows 98 - XP. I defrag it regularly and run computer clean up on it but the hard drive doesn't defrag completely. Most of the time when I defrag the hard drive, the end result is further fragmentation. My Windows XP computer defrags down to 0% fragmentation, but on the Vista computer, it gets higher than the initial run. I know that Vista is more advanced and complicated than Windows XP, but this is ridiculous!

Thanks, Adam
 

A:Vista computer is bogged down and slow Need help

16 more replies
Answer Match 52.08%

Mom's computer has been bogged down for a while. She has windows XP home edition.

Ive ran norton anti virus, adaware. also cleaned out start up menu. while doing so I found a process entitled "1". I couldnt get much detail but when googling it says its a worm. The start up menu didnt have a location just a registry key..it started off HKCU/software/microsoft/windows/current version... thats all I could get.. I did a search for it on the computer but couldnt find it.
The computer is very slow at start up and very very slow while working on it..while I cleaned up the start menu I noticed the performance was better but it is still bogged.

Can someone please help me? Here is the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:50 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Pro... Read more

A:Solved: PLZ HELP-mom's computer very slow bogged down

11 more replies
Answer Match 52.08%

Hi all,
 
Computer is acting strange as of the past week or so.  If it goes to sleep, it will not wake up.  When "up" it is slow and the CPU fan goes to high speed often, which was not common previously.  Have searched with Eset as well as MalwareBytes but neither discovered any malware...  can you help?
 
Thanks,
 
wired1000

More replies
Answer Match 51.24%

Here's my spec's
Windows 7 Home Premium 64 bit
AMD Athlon 64 X2 Dual core 3800+ 2GHz
AMD Sapphire PURE CrossFireX 770 model PC-AM2RX780 motherboard
6GB DDR2 800MHz (3 2GB sticks)
ATI Radeon X1300 Pro 256MB
WD 500GB hard drive
500Watt Power supply with cooling fan on bottom
3 system fans for cooling 1 on the front of case 1 on the back and 1 on CPU
My problem is my computer is slow and bogged down at times and takes up to 5 minutes or so to boot up and also standby don't work. Everything is new besides the CPU and the video card that I see by looking this card it don't support Windows 7 I am just wondering what could be the cause of this problem I talked to 3 different computer shops and 2 said it's my video card that is causing my problems but the third said that this card will not cause problems besides maybe problems playing games. I plan to buy a new video card but if I do will this change my problems or would there be some other cause that I don't see. Also I built this system myself thanks for any help you can give me.

A:My computer is running slow and bogged down at times

First things firsts welcome to seven forums, sorry your computer not running good but with the folk around here I'm sure they will be able to sort it.

I'm unfamiliar with that card/chip(gpu) but after a brief search I am of the opinion that your computer should be able to run win 7 with no probs.

Who installed windows 7? Was it a clean install or an upgrade? Has it always run like this?

What programmes are enabled from the start because 5 mins is it touch too long for a boot up.

9 more replies
Answer Match 51.24%

Computer is slow as molasses at times...seems to have malware or some related infection. Currently have McAfee Security Center, full scan said, "no problems found".
Spybot search & destroy, corrected some files but problem still persists.

Computer slow
running Win XP; Pentinum 3; 512 ram

Please help.
Here is the HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:25:39 AM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Prog... Read more

A:Solved: Computer bogged, slow and slower

Your HijackThis log looks fine I would recommend installing Ad-Aware and running that on a full scan and see what comes up.

http://www.download.com/Ad-Aware-20...045910.html?part=dl-ad-aware&subj=dl&tag=top5
 

3 more replies
Answer Match 51.24%

Hello: I JUST updated my ram (4 gb) and reformatted my computer about 6 months ago.

Yet, I still lag badly when playing basic flash games on game sites like kongregate.com

I am only using about half of my 1 terabyte drive and my desktop is pretty clean for the most part.

I have very few programs installed.

Best I can come up with is too many things running in the background at the same time.

I grabbed CCleaner and got a list of what starts up when the computer boots up. But i'm not sure which of these I can safely say bye to ? Especially the adobe ones!

Advice would be MUCH appreciated thank you! Also, though I'm much older, please talk to me like I'm 12 because I'm not really great with computer jargon. Thank you!! :]





Yes HKCU:Run AdobeBridge
Yes HKCU:Run AIM America Online, Inc. C:\Program Files\AIM\aim.exe -cnetwait.odl
Yes HKCU:Run Clipdiary C:\Program Files\Clipdiary\clipdiary.exe
Yes HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run DAEMON Tools Lite DT Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
Yes HKCU:Run MSMSGS Microsoft Corporation "C:\Program Files\Messenger\msmsgs.exe" /background
Yes HKCU:Run RoboForm Siber Systems "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation "C:\Program Files\... Read more

A:Computer Feels Bogged Down- Posted TaskList - help?

Hello JDcompy

I see you are using two anti virus softwares. Uninstall one using the proper removal tool. You do not need any startup items other than your anti virus and driver softwares.

2 more replies
Answer Match 51.24%

A few weeks ago, I installed McAfee. Ever since then, things have slowed down extremely on my computer. Despite security scans in McAfee and including a tdds scan, nothing shows up as a problem. But the computer hesitates when I type and runs extremely slow otherwise. As I stated in the header, when I have the task manager open, I see that the cpu is running at 100%.
 
I received some help from you guys a year or so ago, and you were amazing. Unfortunately, near the end of the process, some major events occurred in my life which overtook the process. Now I am having difficulty again with my computer.
 
Please help. Just tell me what you need for me to do.
 
Thanks eversomuch.
 
K

A:CPU Runs at 100%, computer bogged down; suspect viruses or the like

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511030 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

31 more replies
Answer Match 51.24%

Hello: I JUST updated my ram (4 gb) and reformatted my computer about 6 months ago.

Yet, I still lag badly when playing basic flash games on game sites like kongregate.com - it's not my internet, Im on the desktop with insanely fast download speed.

I am only using about half of my 1 terabyte drive and my desktop is pretty clean for the most part.

I have very few programs installed.

Best I can come up with is too many things running in the background at the same time.

I grabbed CCleaner and got a list of what starts up when the computer boots up. But i'm not sure which of these I can safely say bye to ? Especially the adobe ones!

Advice would be MUCH appreciated thank you! Also, though I'm much older, please talk to me like I'm 12 because I'm not really great with computer jargon. Thank you!! :]

Yes HKCU:Run AdobeBridge
Yes HKCU:Run AIM America Online, Inc. C:\Program Files\AIM\aim.exe -cnetwait.odl
Yes HKCU:Run Clipdiary C:\Program Files\Clipdiary\clipdiary.exe
Yes HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run DAEMON Tools Lite DT Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
Yes HKCU:Run MSMSGS Microsoft Corporation "C:\Program Files\Messenger\msmsgs.exe" /background
Yes HKCU:Run RoboForm Siber Systems "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.e... Read more

A:Computer feels bogged down- included tasklist- help?

16 more replies
Answer Match 51.24%

Hey everyone,

I've been having issues for about a week now with my laptop, started out completely slowed down so I dumped Symantec and put on AVG. AVG didn't do it, so upon a suggestion, put Spybot S&D and Ad-Aware on and computer started speeding up again, cleaned off useless files, etc. However, every now and then my browsing speed lags and opening files takes much more time. I've noticed Relevant Knowledge is on my computer and I know it has been infecting my system to some degree. Uninstalled the program, deleted shortcuts, etc. but it is still present. Any help to get rid of these viruses, please respond! I need this computer up and running ASAP, I will soon be heading back to college and into a network that does not allow use of any anti-virus software other than what is approved (which happens to be Symantec on top of the network's firewalls).

Thank you very much! Here are the logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:50 PM, on 8/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\snuvcdsm.exe
C:\Program Files (x86)\Spybot - ... Read more

A:Computer bogged down -- virus (Relevant Knowledge?)

10 more replies
Answer Match 51.24%

Trying to fix my families PC after returning from college. Lots of porn popups, and the obvious "Your computer is infected with our spyware so please download our anti-spyware" popup bull. I have a hijackthis log for you all to peek at ;)


Will check back in a few hours. Thanks for the help!

A:Computer bogged down, mass popups, the usual.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present.

As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Please download Deckard's System Scanner (DSS) and Save it to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\Deckard\System Scanner\extra.txt

Click Upload
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check ... Read more

1 more replies
Answer Match 50.82%

My computer is so slow, I can barely stand to work on it.  It runs fine in safe mode, which is what I'm using to access this forum.  I'm running Windows 7, Home, Service pack 1.  I have Avast anti-virus which doesn't detect any problems, and I've run Malware bytes which also doesn't detect any problems.  I run defrag about once ever 6 months, but I don't install or uninstall a lot of programs, so it only every shows about 6 - 8% fragmented.  I have gone through my uninstall list and have eliminated anything that doesn't look usefull or installed on the system.  The only question I have on these are some E-machine programs that look like I don't need them, but they were there when I first got my computer and it ran fine then.  Can anyone help me?

A:My Computer Has Bogged Down, but Runs Fine in Safe Mode

Welcome to BC !
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
 
After running CCleaner...post the three lists mentioned below using CCleaner:
 
Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.
At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next
post. Please do that.
 
Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you
will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that log... Read more

1 more replies
Answer Match 50.82%

Hi there, my broadband internet connection continually disconnects or often or spikes out without reason. I had my IPS check my connection and there is nothing wrong with the connection itself. Also, Windows XP system resource warning icon constantly flags. I think that the computer is being bogged down with useless applications and processes.Here is the Hijackthis Log:Logfile of HijackThis v1.99.1Scan saved at 5:05:01 PM, on 10/21/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Saitek\Software\SaiMfd.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Saitek\Software\ProfilerU.exeC:\HP\KBD\KBD.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\Program Files\Common ... Read more

A:Computer Bogged Down With Pointless Applications And Possibly Infected

Hello Azkieo and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.System messages regarding low resources usually point to insufficient ram or hard drive space. If the process attempting to run is tied to the internet access then that would make sense that the connection is failing.It also looks like both Symantec Anti-Virus and Panda Anti-Virus were once installed but are no longer and the uninstall did not clean up all of the files/registry entries. This could also cause issues with programs and internet access.For these non-malware related XP issues it is best to post in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/They can assist with analyzing the system for resource issues and recommend changes or upgrades to boost system performance. They can also help with application removal. Let them know that you have been to this forum and no malware was found. Also let them know the system configuration (cpu speed, amount of ram, hard drive size and amount of free space). Cheers.OT

1 more replies
Answer Match 50.82%

Hi, I just built a new computer, and it's running XP Pro 64-bit. It ran fine for the first week, but now I'm getting a problem everytime I open "My Computer". Instead of showing my drives, it does the search animation. After a minute or two, it will either find all the drives, or it will say something like "This operation could not be completed because (something) is being used by another program." and gives me two options: "Retry", or "Switch To". When I click "Switch To" it opens my "Start" menu.

A (possibly) related problem is when I open IE, I get shown a set-up menu, but when I click "Save Changes" the webpage hangs. I can bypass this and use the internet fine though. Also, my computer randomly hangs sometimes when playing games.

I'm pretty disappointed with all these errors on what was supposed to be my fresh computer... Any help is appreciated.
 

More replies
Answer Match 50.4%

I tried Paid Malwarebytes, Paid Hitman, Defender, Emisoft. I even ran RKill prior to running these... no luck. Computer still bogged down and slow.
 
I just ran combofix.  It came up with a bunch of stuff like: c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
Now I am running ESET online scanner.
 
It presents itself as CPU running at 100% often.
And it seems that there are extra IEexplorer incidents running even when I have it totally closed.  
CPU is t9900 Dual core 3.06 ghz with 6mg L2 cache
4 gb ram.
120gb SSD
This is by no means a new laptop, but it currently is a better work machine than most $500 units on the market due to the L2 cache.
 
I'm assuming you will want to see the combofix file.  I should wait to Let the eset scan finish before I post it.

A:I tried, Malbyts, Hitman, Defender, Emisoft... no luck. Computer still bogged..

Hello chrisarnt and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
 
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
 
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our... Read more

3 more replies
Answer Match 49.98%

Computer goes through it's diagnostics, Dell splash screen, and finally the complete desktop appears. After 15 seconds, the computer shuts down. The power is still on as I can open and close the dvd tray. After waiting approx. 30 minutes, I am able to start the computer and the same thing happens. I have tried replacing the main power supply and the main fan circulation air over the CPU. Any ideas or suggestions?

More replies
Answer Match 49.56%

I'm currently on deployment in Kuwait for the CG, and I bought a USB modem from one of the companies in Kuwait called Wataniya. The service run by a program called Wnet, that acts like a typical dashboard program for the device. Recently over the past couple of weeks however I've been getting this message any time I hit the Connect button:

The connection was terminated by the remote computer before it could be completed.

Now I have gotten this message before within the dashboard program, but I've always just restarted the Wnet program, unplugged my modem or waited a little while and then it's connected just fine. But now the problem is persisting continually and I can't get it to connect. It's a pay as you go type of service, using recharge cards to purchase whatever packages you want (Daily, Weekly, Monthly) and I had just recently purchased new cards and redeemed them to continue my Monthly package.

At first I thought perhaps it was just my computer so I Google'd some solutions but nothing seemed to work. The device is showing up as working fine in Device Manager, I've even disabled my firewalls and tinkered with the Network settings. But the way the device works with Wnet is that it reads the USB device first, then the SIM card (Both of which come up as a Green indicator on the dashbaord of Wnet when they're both working properly) then it allows you to hit 'Connect'. Normally when both the USB and SIM are green ther... Read more

More replies
Answer Match 47.46%

Running windows ME on this computer.

Problem: Internet is either slow or freezes for minutes on end.

here's my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 2:59:31 AM, on 6/7/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAP... Read more

More replies
Answer Match 46.62%

Hi,

I need to secure my friend's computers. She is running XPPro on one box, and probably VISTA on the two laptops. One problem is that they get locked out of email accounts and strange charges end up on their credit card bills.

The steps I plan to take -- In order -- are:

1. I hope I can set up the router for WPA; if the current router doesn't support it, then a new router will have to be purchased.

2. I have a trial version of NOD32 to install, as the desktop does not have any current AV software. I will do a "deep" system scan.

3. I have a current version (2.0.2) of HiJackThis to install and run.

I am guessing a keylogger is installed on one or all of the computers.

Any other suggestions on software to run?

thanks,
marti

A:Steps to fix infected computer

Hello and welcome to Bleeping Computer.Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.Lets take a look with MalwarebytesPlease download Malwarebytes' Anti-Malware from here:MalwarebytesPlease rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exeMBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Double Click zztoy.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Full Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and y... Read more

3 more replies
Answer Match 46.2%

Hello!

I'm typing this from my phone because , as I was following your steps on how to run and check for viruses, my computer got worse and keyboard stopped letting me type. So, here is what I know and have done so far.

1. I ended up getting tricked by the Cloud AV 2012 and downloaded or installed but didn't pay. I tried doing a remove program but it didn't work. As you described, I couldn't use anything on my computer so went to your site via phone. I was at first relieved to see that I probably did not have a horribly infected computer, and I followed your steps on how to go to Safe Mode and get rid of Cloud AV 2012.

2. I restarted my computer and the same Cloud AV 2012 thing popped up. Nothing had changed so I started to follow the directions on how to get rid of tdss I think it was called??? It was the next step in your directions. That led me to the steps on what to do before posting for help on running the malware program.

3. I backed up onto an external hard-drive and made sure Windows Firewall was enabled. I think the next step was to download DeFogger, and here is where I'm stuck. When I tried using Firefox to get to that website I found that my keyboard stopped letting me type. In case it was Firefox I started IE, but that has been an ongoing problem where it comes up and then immediately closes or reboots over and over.

So, I'm now not sure how to get help with these problems. I hope this was the correct place to pos... Read more

A:Have a virus but can't use computer to follow your steps.

Hello,And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.Malwarebytes Anti-MalwareNOTEMalwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program bef... Read more

11 more replies
Answer Match 46.2%

Dear All,

I have been using my Seagate 1TB Hard Disk since 4 months, recently i tried copying a file to it, and it showed:

""This file is not located in this Drive""

it was something like this...


And after that my HDD went undetected, now whenever i plug it in, it makes the sound of turning on.and also the blue light comes on the HDD.

But it's not shown in My computer.

I changed my cables, went to disk management ; where i could not see my drive listed there(i can send u a screenshot of it; as some other unnamed disks were there),

i tried refreshing it and still no success.

I also have tried updating, deleting the drivers from Device Manager, but no Success.


Please Help me in resolving this issue..

Thanks

A:Seagate HDD not showing up in computer(have tried all given steps)

Screenshot is attached

2 more replies
Answer Match 46.2%

Hi there,

I've got a 5 year old HP that seems to have suddenly really slowed down a lot. My internet connection doesn't seem to be unstable when I try pinging but I have huge bouts of lag while online anyway. Using chat software like Ventaire lags, pages loading online seem to lag and a small game I play seems to be slow. (No graphics, it's just an old MUD). Please bear with me as I'm not very well versed in computer issues but I tried to follow the steps given.

The place where I noticed a great deal of issues was doing the virus/malware scan that was suggested on this site. On the instructions you didn't ask to post the ActiveScan log yet so I can just tack it on at the bottom.

I've enclosed the supplementary text as well. Thanks so much for any insight you can provide!

ComboScan v20070221.16 run by Owner on 2007-02-26 at 11:09:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:11:52 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcho... Read more

A:Sluggish Computer Prompted me to Try your Steps

Hi, I know you guys are busy, I'm just bumping after the 48 hour period. Thanks!

Amy

2 more replies
Answer Match 46.2%

I posted a message about an error message that I was getting. Unable to launch restart.exe. MY answer was to complete the 5 steps to see if my computer was infected. I am on step 2, the panda active scan 2.0. I have dial up and only can stay connect for 12 hours at a time. I start the complete scan when i connect. 12 hours later, the scan is still going after scanning over 2 million files but only at 19% complete it shows. The seems to be a lot of files in the windows/ installer folder. What should i do? The scan cant be completed in 12 hours. Thank you.

A:Trying to complete the 5 steps to see if my computer is infected.

Hello eeyore0,

Skip the online scan for now, and proceed to the next steps. Be sure to reach Step 5 and post the following reports:

main.txt
extra.txt

1 more replies
Answer Match 46.2%

I wonder if someone can give me a simple checklist of how to approach this effort. I have 3 teenagers (my niece and nephews) on the same XP computer with multiple user and email accounts, and instant messenger accounts. They have several browsers also. The computer is nearly unusable, you can imagine. I want to restore the computer to optimum condition but not sure how. Should I just reformat and start over? Will this get rid of all viruses (I imagine there are some)? Should I check to see if there is a restore point from when they first got the computer, which has been at least 2 years ago? What can an amatuer computer geek do to get this computer healthy?Any advice would be appreciated.auntnaP.S. I meant to say toolbars (search engines) instead of browsers.

A:What Steps Do I Take To Clean Up A Teenagers Computer?

I think reformatting the computer and restoring it back to its original form is the best way. It will end up being the most efficient and least frustrating method. Before you do it however, make sure you have all the drivers for your computer and it's components. Also make sure you have the Windows XP CD, and a legitimate XP license.

16 more replies
Answer Match 46.2%

... and I would like to know what sets motherboards apart from each other? Obviously the ram expansion capabilities, having a 16x pci card slot... but what else? Shouldn't they be pretty much identical?

Is there such a thing as a good 'beginner' board to work on? something really durable so if I make a mistake it could tell me?
 

A:Taking my first steps at computer building

Well...

well hopefully I'm just going to replace the processor, ram and motherboard that I think I blew out. The hard drive and the power supply should be fine. I have a 550 watt supply and a nice western digital hard drive that I will be re-using from my ****ty system.

So I'm bugeting 300 dollars to get myself back up and running. I also plan on going to a computer part store in town to get my system back up... I know I'm going to be over-paying for parts...

The only thing that concerns me is that the motherboards I've seen also come packaged with a CD for drivers... what's this all about?
 

3 more replies
Answer Match 46.2%

Just purchased a brand new windows 7 laptop. What first steps should I take before doing anything else to ensure that I have a clean healthy computer from day 1?

Clean install or clean up bloatware?
What antivirus to use?
Etc.

A:Bought a new computer. What are my first steps in setting it up?

   Information
We always assume you have made your Recovery Disks using the OEM manufacturer's Recovery Media Creator app the first day you had your new PC.
& made the Startup Repair CD.
startup repair disc-create



Did you make the OEM manufacturer's Recovery Disks?



You can order Microsoft official OEM Recovery disks from your OEM manufacturer's website.

3 more replies
Answer Match 46.2%

Follow these steps in order to keep your computer clean, secure, and running efficiently.Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Commercial Spyware Removal/Protection Programs - If you feel more comfortable installing a commercial Spyware removal program then we recommend WebRoot's Spysweeper or Lavasoft's Ad-Aware Professional. There are many commercial products on the market, but unfortunately most are misleading and substandard. Both of the products we recommend here are proven to be excellent products and a worthy addition to the arsenal of software protecting your computer.

Spysweeper Product Information
Ad-Aware Pro Production Information

Make your Internet Explorer more secure - This can be done by followin... Read more

A:Simple steps to keep your computer secure!

Mr.Grimler,

It was this tutorial and another one on
"How I got infected" that helped me to restore my computer to a decent speed.
That's why I decided to get involved with BC.
It is my first discussion group of any kind.
Was squeamish. So many posts,so little time



many thanks,

Rhubarb

49 more replies
Answer Match 46.2%

I have recently upgraded my computer with a new Mother Board, CPU and RAM. Upon successfully installing all 3 components I booted my PC. Firstly, everything was going well, it loaded in Windows 7 like always and I then successfully installed the new mother boards drivers with no errors. At the end of the installation it advised me to restart, I did & then because I wanted to try my new setup I booted on of my most demanding games (BFBC2). After playing the game for 4 hours I decided to go to bed. I woke up in the morning booted my PC only to find that once it got to the "Windows 7 Loading Logo" the computer would reboot.

My first thought was, oh just a one off reboot. As the computer rebooted itself again, the same thing happened. The instant it got to the Windows 7 Loading logo it reboots. My first thought was the OS, so I put in my Windows 7 disc, booted off the disc, deleted both my partitions on both my hard drives and reformatted. This is where my problems began to worry me. The first stage of the installation "Copying Files" It goes from 1 - 100% in less than a second, instantly goes to the 2nd installation. It continues through all of the installation smoothly. Once it gets to the phase at which it needs to restart the computer it does. Then it boots normal...load's Windows 7..the logo comes up and under it reads "Setting up Registry Settings"

Then *REBOOT*, I'm tried Windows XP & Windows 7 on both Hard Drives. To no avail.

I've... Read more

A:Windows 7 Restarts Computer During Last Steps

Try testing your RAM. Download a copy of Memtest86 and burn the ISO to a CD using ImgBurn. Boot from the CD, and run at least 5 passes.

4 more replies
Answer Match 46.2%

Hi, my computer seemed to have got a trojen and I can seem to remove it, I also have never reformated my computer an do not know how .
My computer is HP, i have Windows XP Media Center, and have an HP Pavilion Hard drive, can someone please help me and tell me how i reformet my computer thank you!

A:Can someone give me steps on how to reformat my computer

Hello bling101, Welcome to TSF!

Reformatting your Hard Drive is a pretty dramatic step to take because you have an infection from a 'trojan'; before you take "the plunge", try this....

Go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

When you are carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just make mention of the fact in your post to The HJT Help Forum; an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

1 more replies