Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

comp abnormally slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

comp abnormally slow

Unread postby ~dj~ » March 16th, 2009, 8:08 pm

I have noticed that my comp runs very slowly when more than one program runs at a time. When I pull up task manager, the CPU levels are at 100%. I have 36 processes running, adding up to 295,892K of memory which is weird because I have a Pentium 4 CPU at 2.5 GHz and 1.24GB of RAM. Its very strange, as my dad's work comp has a slower processor (i think at 1.73 GHz) and less RAM (1GB) but practically idles with 6 open programs runnning.

Another suspicious thing is my firewall (net Defense firewall) has been detecting Port Scans for a while from both SYSTEM and C:\WINDOWS\System 32\svchost.exe.

The last two were:

3/16/2009 Pm 3:38:08, Port Scan Detected, Inbound, UDP, Local Ip 10.0.0.2, Remote Host 10.0.0.1, Application Involved C:\WINDOWS\System 32\svchost.exe
3/16/2009 5:57:14 Pm Port Scan Detected, Inbound, UDP, Local Ip 10.0.0.3, Remote Host 10.0.0.1, Application Involved SYSTEM

I have read the What to do if your Computer's running slowly article, but my computer still runs slowly after following the instructions.

Finally, here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:40 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Songbird\songbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.eset.eu
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 6714 bytes
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am
Advertisement
Register to Remove

Re: comp abnormally slow

Unread postby Axephilic » March 20th, 2009, 11:17 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I will post back soon with my first fix for you.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: comp abnormally slow

Unread postby Axephilic » March 20th, 2009, 11:30 pm

Hi there,

I don't see anything serious in your log. But there is a few things that we can tidy up and a file that I am curious about.

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file C:\Program Files\Songbird\songbird.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Download DDS

Download at your desktop DDS from one of the links below:

Link1
Link2
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finish it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.

In your next reply, please include:
  1. VirusTotal results
  2. Both DDS logs
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: comp abnormally slow

Unread postby ~dj~ » March 21st, 2009, 3:11 pm

Virus Total:
a-squared 4.0.0.101 2009.03.21 -
AhnLab-V3 5.0.0.2 2009.03.21 -
AntiVir 7.9.0.120 2009.03.20 -
Authentium 5.1.2.4 2009.03.21 -
Avast 4.8.1335.0 2009.03.20 -
AVG 8.5.0.283 2009.03.20 -
BitDefender 7.2 2009.03.21 -
CAT-QuickHeal 10.00 2009.03.21 -
ClamAV 0.94.1 2009.03.21 -
Comodo 1078 2009.03.21 -
DrWeb 4.44.0.09170 2009.03.21 -
eSafe 7.0.17.0 2009.03.19 -
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.20 -
F-Secure 8.0.14470.0 2009.03.21 -
Fortinet 3.117.0.0 2009.03.21 -
GData 19 2009.03.21 -
Ikarus T3.1.1.48.0 2009.03.21 -
K7AntiVirus 7.10.677 2009.03.20 -
Kaspersky 7.0.0.125 2009.03.21 -
McAfee 5559 2009.03.20 -
McAfee+Artemis 5559 2009.03.20 -
McAfee-GW-Edition 6.7.6 2009.03.20 -
Microsoft 1.4502 2009.03.21 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.21 -
Panda 10.0.0.10 2009.03.21 -
PCTools 4.4.2.0 2009.03.21 -
Prevx1 V2 2009.03.21 -
Rising 21.21.52.00 2009.03.21 -
Sophos 4.39.0 2009.03.21 -
Sunbelt 3.2.1858.2 2009.03.20 -
Symantec 1.4.4.12 2009.03.21 -
TheHacker 6.3.3.1.287 2009.03.21 -
TrendMicro 8.700.0.1004 2009.03.20 -
VBA32 3.12.10.1 2009.03.20 -
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.21 -
Additional information
File size: 988160 bytes
MD5...: 8545f11baa3ea3be2c6998547b2fc1d5
SHA1..: 60c7fb9c0b41fdba228b500c7a77d39b17ea17f1
SHA256: 0e90cf58239bd8f24541a5f23e0c5cf647783c969ad009104833a257a6cb7eeb
SHA512: 647d9382370f596470e6a8a6a461e021491107c6a8c0d0126e2fc387c1f0d9a7
df494e4087c86bb93582f638f20012d8905ea059fd525dbe3797007b8b986e26
ssdeep: 6144:lQubbrQDpWZedAD6V0QGGKG1bGzGrk02jcedAD6V0QGGKG1bGzGrk02jced
AD6Va:DbXctAD6PP29AD6PP29AD6PP2
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2bb9
timedatestamp.....: 0x499e054e (Fri Feb 20 01:20:14 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11537 0x11600 6.69 cab5b1555acbd14be315c37c90674b7a
.rdata 0x13000 0x30c0 0x3200 5.61 d38f22cea5feb69961f2ea86003c8b75
.data 0x17000 0x3268 0x1600 3.10 af5779c381904f897a4fd7c836e4f16f
.rsrc 0x1b000 0xd9746 0xd9800 3.71 d973e30f88206666b472dab48877f72b
.reloc 0xf5000 0x196a 0x1a00 4.13 d684ea55ac30d73895bf3ab6785de882

( 3 imports )
> KERNEL32.dll: ExpandEnvironmentStringsA, SetEndOfFile, GetProcAddress, FreeLibrary, LoadLibraryExA, GetModuleFileNameA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetFullPathNameA, GetCurrentProcess, SetUnhandledExceptionFilter, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, Sleep, VirtualAlloc, HeapReAlloc, CloseHandle, RtlUnwind, RaiseException, GetDriveTypeA, WideCharToMultiByte, ReadFile, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetStdHandle, LoadLibraryA, InitializeCriticalSection, GetConsoleCP, GetConsoleMode, FlushFileBuffers, CreateFileA, HeapSize, GetCurrentDirectoryA, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetFileAttributesA
> USER32.dll: MessageBoxA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegEnumKeyExA, RegOpenKeyExA

( 0 exports )


DDS#1

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:02:16.25 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.885 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning enabled* (Updated)
FW: Avanquest NetDefense Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://qus10.hpwis.com/
uSearch Page = hxxp://srch-qus10.hpwis.com/
uDefault_Page_URL = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearch Bar = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: XPL LinkScannerIE: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\LinkScannerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [PS2] c:\windows\system32\ps2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: eset.eu\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://coke.mycokerewards.com/cabs/Entr ... Silent.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xqrlt8h4.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xqrlt8h4.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avanquest\systemsuite\firefox\components\SearchShield.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-4 138680]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-4 352920]
R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-8-21 54865]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-8-21 20225]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-4 254040]

=============== Created Last 30 ================

2009-03-18 22:38 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-03-18 22:38 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-03-18 22:37 2,117,632 a------- c:\windows\system32\python25.dll
2009-03-18 22:37 1,332,197 a------- c:\windows\system32\pythondll.zip
2009-03-18 22:36 <DIR> --d----- c:\program files\AGI
2009-03-18 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2009-03-18 17:18 <DIR> --d----- c:\program files\My Coke Rewards Media Manager
2009-03-18 17:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Entriq
2009-03-18 17:12 <DIR> --d----- c:\program files\Kontiki
2009-03-18 17:12 <DIR> --d----- c:\program files\Entriq
2009-03-15 16:21 <DIR> --d----- c:\program files\Free Audio Pack
2009-03-14 10:40 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-14 10:40 208,744 a------- c:\windows\system32\muweb.dll
2009-03-14 10:40 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-13 15:39 <DIR> --d----- c:\documents and settings\owner\Tracing
2009-03-13 15:31 <DIR> --d----- c:\program files\Microsoft
2009-03-13 15:30 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-11 20:24 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-11 03:35 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-11 01:23 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-11 01:21 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 01:21 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 01:21 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-11 01:21 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-11 01:21 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-11 01:21 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 01:21 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-11 01:21 <DIR> --d----- C:\60e1fcd9013b315696
2009-03-10 00:03 <DIR> --d----- C:\Softendo
2009-03-09 22:41 <DIR> --d----- c:\program files\Trend Micro
2009-03-03 20:12 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-02 21:09 <DIR> --d----- c:\program files\Power Tab Software
2009-02-27 18:02 <DIR> --d----- c:\program files\common files\xing shared
2009-02-26 19:52 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-02-21 16:57 471 a------- c:\windows\wininit.ini
2009-02-21 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-21 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-02-15 18:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 15:58 3,888 a------- c:\windows\viassary-hp.reg
2009-02-07 15:31 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\pchnotify.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 00:32 28,928 a------- c:\windows\hpoins03.dat
2009-02-05 21:30 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-02-05 19:19 28,256 a------- c:\windows\system32\drivers\MxlW2k.sys
2009-02-04 01:09 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-04 00:33 3,708 a--shr-- c:\windows\system32\drivers\HP_P8656U-ABA S6000V NA410_YC_Pres_QMXP414_E41NAheRED4_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.06_T031231_WXH1_L409_M1272_J120_7Intel_8Pentium 4_92.5_1_N10EC8139_P_Z11C1044C_K_A808624C5.MRK
2009-01-22 15:28 290,816 a------- c:\windows\system32\decdll.dll

============= FINISH: 14:02:57.53 ===============

DDS#2

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2009 11:31:50 PM
System Uptime: 3/21/2009 1:37:47 PM (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Pentium(R) 4 CPU 2.50GHz | Socket 478 | 2500/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 105 GiB total, 66.909 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.386 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: USB Device
Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_577C1462&REV_10\4&1A671D0C&0&60F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_577C1462&REV_10\4&1A671D0C&0&60F0
Service: rtl8139

==== System Restore Points ===================

RP13: 2/7/2009 11:46:27 PM - System Checkpoint
RP14: 2/8/2009 12:36:28 PM - Software Distribution Service 3.0
RP15: 2/8/2009 1:25:58 PM - Installed Java(TM) 6 Update 7
RP16: 2/8/2009 1:27:35 PM - Installed OpenOffice.org 3.0
RP17: 2/8/2009 4:18:08 PM - Software Distribution Service 3.0
RP18: 2/9/2009 11:24:48 AM - Installed Windows Live Messenger
RP19: 2/9/2009 11:25:21 AM - Installed Windows Live Sign-in Assistant
RP20: 2/9/2009 11:57:59 AM - Installed iTunes
RP21: 2/9/2009 9:10:50 PM - Software Distribution Service 3.0
RP22: 2/9/2009 9:34:12 PM - Software Distribution Service 3.0
RP23: 2/10/2009 4:33:07 PM - Installed Java(TM) 6 Update 11
RP24: 2/10/2009 11:00:20 PM - Software Distribution Service 3.0
RP25: 2/11/2009 9:44:22 PM - Software Distribution Service 3.0
RP26: 2/11/2009 10:37:10 PM - Software Distribution Service 3.0
RP27: 2/12/2009 11:30:22 PM - Software Distribution Service 3.0
RP28: 2/14/2009 5:18:04 PM - System Checkpoint
RP29: 2/15/2009 5:20:00 PM - System Checkpoint
RP30: 2/15/2009 5:49:40 PM - Removed Java(TM) 6 Update 11
RP31: 2/15/2009 5:50:17 PM - Installed Java(TM) 6 Update 12
RP32: 2/15/2009 10:11:38 PM - Installed Project64 1.6
RP33: 2/17/2009 3:09:56 PM - System Checkpoint
RP34: 2/18/2009 3:11:35 PM - System Checkpoint
RP35: 2/19/2009 5:39:42 PM - System Checkpoint
RP36: 2/20/2009 10:54:22 PM - System Checkpoint
RP37: 2/21/2009 2:30:31 PM - Registry
RP38: 2/22/2009 2:39:47 PM - System Checkpoint
RP39: 2/23/2009 6:28:15 PM - System Checkpoint
RP40: 2/24/2009 6:19:22 PM - Installed Windows Media Player 11
RP41: 2/24/2009 11:32:03 PM - Software Distribution Service 3.0
RP42: 2/26/2009 5:27:02 PM - System Checkpoint
RP43: 2/27/2009 7:07:34 PM - System Checkpoint
RP44: 2/28/2009 7:39:57 PM - System Checkpoint
RP45: 3/1/2009 8:20:07 PM - System Checkpoint
RP46: 3/2/2009 8:09:36 PM - Installed Power Tab Editor 1.7
RP47: 3/4/2009 7:48:48 PM - System Checkpoint
RP48: 3/5/2009 8:53:50 PM - Restore Operation
RP49: 3/9/2009 2:01:55 PM - System Checkpoint
RP50: 3/10/2009 6:06:06 PM - System Checkpoint
RP51: 3/10/2009 9:13:13 PM - Software Distribution Service 3.0
RP52: 3/10/2009 11:44:03 PM - Software Distribution Service 3.0
RP53: 3/11/2009 3:00:16 AM - Software Distribution Service 3.0
RP54: 3/11/2009 7:08:54 PM - Installed Windows Media Player 11
RP55: 3/11/2009 7:20:51 PM - Software Distribution Service 3.0
RP56: 3/11/2009 8:05:20 PM - Installed Windows Media Player 11
RP57: 3/11/2009 8:06:45 PM - Installed Windows XP MSCompPackV1.
RP58: 3/11/2009 11:41:13 PM - Software Distribution Service 3.0
RP59: 3/13/2009 9:49:03 AM - Software Distribution Service 3.0
RP60: 3/13/2009 10:15:55 AM - System.exe
RP61: 3/13/2009 2:55:32 PM - Removed Microsoft Office Standard Edition 2003
RP62: 3/13/2009 2:58:09 PM - Removed Microsoft Money 2004
RP63: 3/13/2009 2:59:39 PM - Removed Microsoft Money 2004 System Pack
RP64: 3/13/2009 3:00:28 PM - Configured Quicken 2004
RP65: 3/13/2009 3:02:46 PM - Removed Java(TM) 6 Update 7
RP66: 3/13/2009 3:04:27 PM - Removed Apple Mobile Device Support
RP67: 3/13/2009 3:07:00 PM - Removed Photoshop Album Starter Edition
RP68: 3/13/2009 3:07:41 PM - Configured easy Internet sign-up
RP69: 3/14/2009 5:42:03 PM - Software Distribution Service 3.0
RP70: 3/14/2009 4:57:41 PM - System Checkpoint
RP71: 3/17/2009 9:12:24 AM - System Checkpoint

==== Installed Programs ======================


1000Tour
1200
1200_Help
1200Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AiO_Scan
AIOMinimal
AiOSoftware
Apple Software Update
Audacity 1.2.6
avast! Antivirus
Blasterball 2 from Compaq (remove only)
Bonjour
Bounce Symphony from Compaq (remove only)
Choice Guard
Compaq Connections
Compaq Instant Support
Compaq Organize
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Cubis Deluxe
Director
DocProc
Entriq MediaSphere 3.6.0.15
ESET Online Scanner
Excavation from Compaq (remove only)
Fax
Five Card Frenzy from Compaq (remove only)
FoxyTunes for Firefox
Free Mp3 Wma Converter V 1.8.0
Free Video Converter V 1.5
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 12
Junk Mail filter update
KBD
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
My Coke Rewards Media Manager 1.0.0.9
NVIDIA GART Driver
OpenOffice.org 3.0
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Overball from Compaq (remove only)
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
Power Tab Editor 1.7
PrintScreen
Project64 1.6
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Segoe UI
SkinsHP1
SkinsHP2
Slyder from Compaq (remove only)
Songbird 1.0.0 (20081124)
Sonic Update Manager
Spybot - Search & Destroy
SystemSuite 8 Professional
TrayApp
TRENDnet TEW-421PC or TEW-423PI
TrueCrypt
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Watchtower Library 2007 - English
Watchtower Library 2008 - English
WebFldrs XP
WebReg
WildTangent GameChannel (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

3/14/2009 12:33:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2009 9:39:00 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2009 9:39:00 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2009 7:55:29 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOSHIE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{84B6E6E1-4DC6-4616-BA. The master browser is stopping or an election is being forced.
3/16/2009 10:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:08 PM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.eset.eu
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} (CocaCola Class) - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://coke.mycokerewards.com/cabs/Entr ... Silent.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 6849 bytes



Also please note that my dad also has his own laptop running Vista that connects to the same network. Is it neccessary to post a Hijackthis log of his comp also?
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: comp abnormally slow

Unread postby Axephilic » March 21st, 2009, 3:28 pm

Hi there,

  1. Please download OTMoveIt3.exe from Geeks to Go and save it to your desktop.
  2. Double click on OTMoveIt3.exe to run it.
  3. Please copy and paste the following in the Code box into OTMoveIt3 (1).

    Warning: Do not type it out to prevent any typo errors and damaging your machine.

    Code: Select all
    :Files
    c:\windows\viassary-hp.reg
    


    Please refer to this image to use OTMoveIt3.

    Image

  4. Click on MoveIt! (2)
  5. Click Exit (3) when done.

Uninstall Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if found):

    Java 2 Runtime Environment, SE v1.4.2

Now you can close Add/Remove Programs.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. OTMoveIt log
  2. Kaspersky report
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: comp abnormally slow

Unread postby ~dj~ » March 22nd, 2009, 4:15 pm

Don't kno where to find the OT Move it log , but i think it was sucessful


Heres the Kaspersky report
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 22, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 22, 2009 18:24:34
Records in database: 1951326
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 82194
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:01:21

No malware has been detected. The scan area is clean.

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:03 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.eset.eu
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} (CocaCola Class) - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://coke.mycokerewards.com/cabs/Entr ... Silent.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 6837 bytes
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: comp abnormally slow

Unread postby Axephilic » March 22nd, 2009, 5:19 pm

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9. Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Click the CleanUp! button.
  • When it prompts you to Restart, click Yes.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: comp abnormally slow

Unread postby ~dj~ » March 22nd, 2009, 11:02 pm

Got it :)
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: comp abnormally slow

Unread postby NonSuch » March 24th, 2009, 6:04 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware