[hisbeauty4ashes]

Hi I keep having problems with my Vista eating my memory and is running slow. How do I clean it and make my computer run faster?

Thanks

[joeten]

Hi your best option for cleaning would be the clean up tool in all programs accessories system tools you can also run a defrag from the tools there,and try a clean boot info here http://support.microsoft.com/kb/331796 and here http://support.microsoft.com/kb/929135 to troubleshoot

[brandonbr]

How much ram does your system have? Running Vista with 1gb of ram is sometimes not enough.

[hisbeauty4ashes]

I have 4 GB's total maximum the system requires.

[retiredmarine]

Make sure you are not keeping old history and temp internet files because this will slow down your computer even with 4 GB ram...

It might be a good ideal to defrag every once and awhile...

I currently have a HP decktop with 3 GB ram and a Compaq laptop with 2.5 GB ram and they both run good as long as I keep the junk cleaned out...


Good Luck,

[hisbeauty4ashes]

All these things in which you speak of are done once a week so this is not the problem.

[flavallee]

hb4a:

Let's see what your computer has installed and running in the background and if any obvious infection is present.

Go here and click the green icon to download HijackThis 2.0.2.

Close all open windows, then install it in its default location: C:\Program Files\Trend Micro\HijackThis.

Run a scan with it - which will take 30 seconds or less.

Save the resulting log in Notepad.

Return here, then copy-and-paste the entire log here.

--------------------------------------------------------------

[hisbeauty4ashes]

Flavalle, here is the info you asked for. I do not want to delete temp files right now cause I lost business file I am trying to retrieve from deleted files and am not sure how to do that yet.Do you have nay ides how to do that?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:59 AM, on 11/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\mobsync.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mqsF447.tmp.exe] C:\Windows\system32\mqsF447.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/BookWorm/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/BookWorm/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8895 bytes

[brandonbr]

You can try this program for recovering deleted files http://www.piriform.com/recuva . Its pretty good, it's free and does not slow down your computer at all. Takes 1 min to install.

[flavallee]

hb4a:

This log entry:

O4 - HKCU\..\Run: [mqsF447.tmp.exe] C:\Windows\system32\mqsF447.tmp.exe

indicates an infection in your computer.

Go here and click the green icon to download Malwarebytes Anti-Malware 1.41.

Go here and click the green icon to download SUPERAntiSpyware 4.29.0.1004.

Just download and save them both right now and don't do anything else with them yet.

I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance by a yellow shield malware expert.

----------------------------------------------------------------

[cybertech]

I have moved your thread to the Malware Removal Forum.

Run HJT again and put a check in the following:

O4 - HKCU\..\Run: [mqsF447.tmp.exe] C:\Windows\system32\mqsF447.tmp.exe

Close all applications and browser windows before you click "fix checked".


Download the programs flavallee suggested. Update and run them both posting the resulting logs here with a new HJT log.

[flavallee]

Quote:

Originally Posted by cybertech

Download the programs flavallee suggested. Update and run them both posting the resulting logs here with a new HJT log.

hb4a:

Now that cybertech has given you the "go ahead", install both Malwarebytes Anti-Malware and SUPERAntiSpyware. Make sure to update their definition files during the install process. Restart your computer after they're both installed.

Start Malwarebytes and run a "quick scan". When the scan is finished, make sure to select and fix EVERYTHING it finds. Restart your computer, if prompted to.

Start SUPERAntiSpyware and run a "quick scan". When the scan is finished, make sure to select and fix EVERYTHING it finds. Restart your computer, if prompted to.

Start Malwarebytes, then click Logs(tab). Highlight the scan log entry, then click Open. When the scan log appears in Notepad, copy-and-paste it here.

Start SUPERAntiSpyware, then click Preferences - Statistics/Logs(tab). Highlight the scan log entry, then click View Log. When the scan log appears in Notepad, copy-and-paste it here.

And don't forget to post a new HijackThis log here.

----------------------------------------------------------------

[hisbeauty4ashes]

I am having a hard time downloading the Melware in which you speak of.It goes to 41 percent and stops do you know why this is?

[hisbeauty4ashes]

Okay it started up again so we will see now what it does.Now what I was told above to do I do it now or wait until I run these scans?

[flavallee]

Follow cybertech's instructions first to fix this log entry:

O4 - HKCU\..\Run: [mqsF447.tmp.exe] C:\Windows\system32\mqsF447.tmp.exe

then you can follow my instructions for MBAM and SAS.

----------------------------------------------------------------

What kind of internet connection do you have - 56K dialup, high-speed wired, or wireless?

----------------------------------------------------------------