Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

dont know what to do, please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

dont know what to do, please help

Unread postby Phil » August 26th, 2007, 12:35 pm

Hi

A friend has pointed me to this site, as he has told me that you guys are exceptionally helpful and knowlegeable :)

My position is that I know VERY little about computers, but I do know my pc has become very slow to operate. Below is the hijackthis log (which the friend has kindly installed and run for me). Please can you give me some advice on what to do. (I really have no idea what I'm doing on here so dont feel you're being condescending by posting basic info, the simpler the better for me :oops: )


Logfile of HijackThis v1.99.1
Scan saved at 17:19:06, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?51e18d5cc4554e4d8313c825b3f793bf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?51e18d5cc4554e4d8313c825b3f793bf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe


Many thanks in advance for your help :)

Phil
Phil
Active Member
 
Posts: 5
Joined: August 26th, 2007, 12:14 pm
Advertisement
Register to Remove

Unread postby DFW » August 29th, 2007, 5:23 am

Hello and wecome to . My name is DFW and I will be assisting you with your malware issues .

Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Unread postby DFW » August 29th, 2007, 9:06 am

Hi Phil,
We need to look a little deeper, please follow the instructions below, if at any
time you are stuck or have a question please ask. Did the slow downs just happen, or have you
noticed them builder up over time..


Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources.
It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s.[/b]

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Kaspersky Online Scanner .

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence,
click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log.

.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Unread postby Phil » August 31st, 2007, 4:37 pm

New HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 21:30:38, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?51e18d5cc4554e4d8313c825b3f793bf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?51e18d5cc4554e4d8313c825b3f793bf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe



Total number of scanned objects: 49659
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:15
Phil
Active Member
 
Posts: 5
Joined: August 26th, 2007, 12:14 pm

Unread postby Phil » August 31st, 2007, 4:41 pm

Thanks for the response and apologies for not replying sooner.

This is the log from the virus checker....

KASPERSKY ONLINE SCANNER REPORT
Friday, August 31, 2007 9:13:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/08/2007
Kaspersky Anti-Virus database records: 401518


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 49659
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:41:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\History\History.IE5\MSHist012007083120070901\index.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Temp\~DF43E4.tmp Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Temp\~DF43F1.tmp Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\ntuser.dat Object is locked skipped

C:\Documents and Settings\FLUID SYSTEMS\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\L0000003.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FLUID SYSTEMS\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3A9551B7-01F0-4F62-B904-75ED53A0403B}\RP178\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Thanks again for the help.
Phil
Active Member
 
Posts: 5
Joined: August 26th, 2007, 12:14 pm

Unread postby DFW » September 1st, 2007, 5:38 am

Hi again Phil


I do not see any Malware in any of the log's, are you showing any other signs like pop ups or a slow Internet connection.

Did the slow downs just happen, or have you noticed them builder up over time, did they start after you
installed new software or have you added any new hardware??

You do have a lot programs running, that would certainly slow things down, I could look into this if you wanted me to??
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Unread postby Phil » September 1st, 2007, 8:56 am

I noticed the slowdown after the pc crashed once. It seemed alot slower after that 1 occasion. The only popups I get are when the pc first turns on and tries to update AVG.

A friend suggested to me that I have too much running on my pc that I don't need, so if you think that too are you able to tell me how to turn things off so they don't load when I boot the pc?

Thanks
Phil
Active Member
 
Posts: 5
Joined: August 26th, 2007, 12:14 pm

Unread postby DFW » September 1st, 2007, 12:39 pm

Hi again phill, you do have lots of programs running at start up, that you could start youself if needed, if you have any questions just ask.

By fixing them your system will start quicker and run faster,



I would print these instructions, to refer to




First off clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.





Now Fix unneeded startups




VTTimer. Exe process can be removed to free up resources without compromising system performance.
VTTimer is the driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication.
Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically
so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it.
It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time.
It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe



raid_tool.exe (VIA_RAID_Tool from VIA Technologies) process can be removed to free up resources without compromising system performance.
raid_tool.exe (VIA_RAID_Tool from VIA Technologies) is the VIA Raid configuration. This program is not required to start automatically as you can start it manually if you need it.
Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed,
then do not disable it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time.
It may be worthwhile to fix it with HijackThis.
This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"




nerocheck.exe is a process associated with the Nero CD writing or Nero CD/DVD software. It is used to install or control the Nero driver nerocd2k.sys application.
This process should not be removed while using the Nero CD Writing software. This program constantly checks for known drivers that can conflict with our Nero/Nero Express/NeroVision Express software.
This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources.
It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:




O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe



Backweb.exe or backweb-8876480.exe (Logitech Desktop Manager) backweb-8876480.exe is a process that comes with the Logitech Products software.
It manages the automatic update check as well as providing you with new for the latest offers and products from Logitech. This is a non-essential process. Disabling or enabling it is down
to user preference. This process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually
if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile
to fix it with HijackThis.
Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O18 - Protocol: bw20 - {3B4F758D-A84E-407B-B251-0AF96DB1B306} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL





InstallHelper.exe (LogitechVideo[inspector]) process can be removed to free up resources without compromising system performance.
Related to QuickCam software from Logitech. Note: Located in C:\Program Files\Logitech\Video\. This program is not required to start automatically as you can start it manually if you need it.
It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time.
It may be worthwhile to fix it with HijackThis.
Item(s) to fix in HijackThis

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect



ldmconf.exe (Logitech Desktop Messenger) process can be removed to free up resources without compromising system performance.
Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech.
This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis.
Item(s) to fix in HijackThis:

4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe



I would also have HJT fix these as well



O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe




You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog.
You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself..
This is the item to fix in HijackThis:

O4 ‑ HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" ‑atboottime

There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer
This is a free utility from EnGraph software. For more information about EnGraph, go to http://www.engraph.com. This application is intended for people that use or consume Sprint Video Mail,
as Sprint uses QuickTime for viewing thier movies. (or anybody that hates QuickTime) Of course, as soon as QuickTime is ran, it adds itself to startup, which is very annoying to me.
This application will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime.




You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's.
This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it.
It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis.
Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe





You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly.
It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis,
but you will need to change the setting in RealPlayer itself to keep it from resetting itself..
This is the item to fix in HijackThis:

O4 ‑ HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" ‑osboot[/color]




AOLDialer (AOL ISP software dialer)
AOLDial.exe process can be removed to free up resources without compromising system performance. AOLDial.exe (AOLDialer) is the AOL ISP software dialer which can be
activated through a desktop shortcut. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that
it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis.
This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe



You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available.
This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel.
It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis.
This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe




ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod.
If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance.
It is advised that you disable this program so that it does not take up necessary resources.
To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService,
Right-click and select Properties. Change the setting in StartUp type: to Disabled or click Start > Run. Type services.msc Find the IpodService,
Right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service.

Item(s) to fix in HijackThis:
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe




Here is a few tips that help to save system resourecs, and fix any Disc errors







Default Windows XP visual settings may look nice but they slow your system down.
Here is how to keep the eye candy look of Windows XP while getting a snapper feel.

Instructions - Go to "Start", "Settings", "Control Panel", "System", "Advanced" tab, in the "Performance" section select "Settings".
Leave only the following checked:

Show shadows under menus
Show shadows under mouse pointer
Show translucent selection rectangle
Smooth edges of screen fonts
Use drop shadows for icons labels on the desktop
Use visual styles on windows and buttons
Use Common Tasks In Folders


Then select Apply and OK



This will help a lot

Go to Start, Run, type services.msc and press enter.
Left-click on the status bar twice to filter all the started service to the top.
Double left-click on the Service Name you wish to change. Change the "Startup Type" to either Automatic, Manual or Disabled then select "Apply" and "OK", repeat for all of the following:

Disabled this Services

Indexing Service



If you have not ran a CHKDSK and DEFRAG for 5 to 6 weeks do it now

Check your Harddrive for errors


Go to your C Drive, Right click and select properties

Click on the tools tad

Click on check now button

Tick automaticly fix system errors, then click start

You will get a warning that it can not be run,

Click yes to run the next time you start windows

Now restart your system, so CHKDSK can now run.




Defragment your drive. Go to Start > Accessories > System Tools> Disk Defragmenter.
Highlight the drive you installed XP on, usually C >click the Defragment button.
This will take a while. When finished shut down and restart.

Hope this helps.



Post back and let me know how your doing,,,
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Unread postby Phil » September 4th, 2007, 1:10 pm

8) thanks mate, computer seems to be a lot faster, dont know what you did, but it did good. cheers

phil
Phil
Active Member
 
Posts: 5
Joined: August 26th, 2007, 12:14 pm

Unread postby DFW » September 4th, 2007, 2:09 pm

Your very welcome
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Unread postby Elrond » September 5th, 2007, 2:15 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware