1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

running real slow and freezes a lot, HJT log posted

Discussion in 'Virus & Other Malware Removal' started by Jammer1010, Feb 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Jammer1010

    Jammer1010 Thread Starter

    Joined:
    Sep 7, 2002
    Messages:
    144
    Hi there,

    I am trying to help a friend out with his computer and it seems to be running very slow at times and often freezes up. Especially if Windows Media Player is running. Here is the HJT logs if someone could please take a look at them and let me know what I should do from here that would be great. Thanks again for all the great help from everyone.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:30:01 PM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Cox\Applications\App\syssvcnt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Cox\Applications\app\Console.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Cox\Applications\App\popupbho01.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\App\popupbho01.dll
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm248LCUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.pandasoftware.com
    O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} (AuthWebWizardMain.DHTMLPage1) - http://www3.authentium.com/cssrelease/bin/WizMain.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Cox\Applications\App\syssvcnt.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    StartupList report, 2/15/2007, 1:31:44 PM
    StartupList version: 1.52.2
    Started from : C:\unzipped\hijackthis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.5730.0011)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Cox\Applications\App\syssvcnt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Cox\Applications\app\Console.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\DOCUME~1\OWNER\MYDOCU~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    SoundMan = SOUNDMAN.EXE
    readericon = C:\Program Files\Digital Media Reader\readericon45G.exe
    DeviceDiscovery = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    ESP = C:\Program Files\Cox\Applications\app\start.exe
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\ssmarque.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Cox\Applications\App\popupbho01.dll - {3C7195F6-D788-4D50-BA72-2EE212EDAC78}
    MorpheusToolbar BHO - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}
    (no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Disk Cleanup.job
    ISP signup reminder 1.job
    ISP signup reminder 2.job
    ISP signup reminder 3.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [AuthWebWizardMain.DHTMLPage1]
    InProcServer32 = C:\Program Files\Common Files\Authentium Shared\Core\wizmain.dll
    CODEBASE = http://www3.authentium.com/cssrelease/bin/WizMain.exe

    [StagingUI Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
    CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab

    [{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
    CODEBASE = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

    [Trend Micro ActiveX Scan Agent 6.6]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    [ZoneBuddy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
    CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

    [ZonePAChat Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
    CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

    [CBankshotZoneCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_pool.dll
    CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [StadiumProxy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
    CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab

    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
    CODEBASE = http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_38.dll (file MISSING)

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\Owner\Cookies\index.dat||C:\DOCUME~1\Owner\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\Owner\LOCALS~1\History\History.IE5\MSHIST~1\index.dat||C:\PROGRA~1\MYWEBS~1\SrchAstt\1.bin\MWSSRCAS.DLL||C:\PROGRA~1\MYWEBS~1\SrchAstt\1.bin||C:\PROGRA~1\MYWEBS~1\SrchAstt||C:\Program Files\Internet Explorer\msimg32.dll||C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL||C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE||C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOESTB.DLL||C:\PROGRA~1\MYWEBS~1\bar\1.bin||C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 8,372 bytes
    Report generated in 0.016 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Hello Jammer1010 and welcome to Tech Support Guy

    My name is curlylad and I will be helping you to remove any infection(s) that you may have.

    I have to let experts check the content of my fixes before I post them so be patient.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess , simply post back with your query and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
     
  3. Jammer1010

    Jammer1010 Thread Starter

    Joined:
    Sep 7, 2002
    Messages:
    144
    Hi nie to meet you. Ok thats fine I just want to get this fixed. It is very irritating when it runs slow even worse when it freezes up. So I will be waiting to hear back from you.
     
  4. Jammer1010

    Jammer1010 Thread Starter

    Joined:
    Sep 7, 2002
    Messages:
    144
    Hi nice to meet you, Ok I will be waiting to hear back from you. As this is very irritating when it runs slow or even worse when it freezes up.
     
  5. Jammer1010

    Jammer1010 Thread Starter

    Joined:
    Sep 7, 2002
    Messages:
    144
    opps posted that twice sorry. But still waiting..... for some help
     
  6. Jammer1010

    Jammer1010 Thread Starter

    Joined:
    Sep 7, 2002
    Messages:
    144
    ok curlylad or anyone please help take a look at the HJT log and let me know what I should do PLEASEEEEEEEE
     
  7. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Jammer1010

    I do apologise for the delay in replying to your post.
    I am at this time formulating a fix for your problems and will be with you very soon. :)
     
  8. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Good Afternoon Jammer1010

    Here are your first instructions

    STEP 1

    Download Programs

    Please download ATF Cleaner from this link ATF (Atribune Temp File) Cleaner© by Atribune

    Please do not open/run the program yet

    I notice from your log that you have the program Ewido Anti-Spyware 4.0 installed.
    This has recently been renamed to AVG Anti Spyware and had some updating.

    My advice would be to go to Add/Remove programs and uninstall Ewido Anti-Spyware 4.0
    Then download the new updated version of AVG Anti Spyware.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Please do not open/run the program yet



    STEP 2

    NewDotNet

    Have you installed the program NewDotNet on your system ?

    If you did not then it needs to be removed.

    Please go to add/remove programs and uninstall NewdotNet.
    If you don't have that option or if you have difficulties then please follow the instructions on this site


    STEP 3

    Stop a Running Process
    • Press Ctrl+Alt+Delete at the same time
    • Windows Task Manager opens
    • Click the Processes tab, click the heading Image Name to alphabetically arrange the processes
    • Tick the box Show Processes from all users
    • Find in the list the process mwsoemon.exe, click it to highlight it
    • Now click the End Process button
    • Close Task Manager

    Now go to Add/Remove programs and uninstall MyWebSearch if it is listed.



    STEP 4

    Use HijackThis

    These 2 entries appear in your HijackThis Log

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    If these were set by you or the system administrator that is fine.
    If neither yourself or the system administrator set these restrictions then please place a check mark next to them and have HijackThis fix them with the following red highlighted entries.



    STEP 5

    Delete a Folder
    • Double click My Computer
    • Double click C Drive
    • Double click Program Files
    • Locate the Folder MyWebSearch, right click it and select Delete

    NOTE - If you receive an error message, right click the folder, choose Properties and check if the Read only attribute box is checked.If it is uncheck it and try the procedure again.



    STEP 6

    Update Java

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 .

    To check your version to see if it is the latest version, Please go to this link to verify your version to get the updates needed:

    You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify Your Java software.

    Or you can get the manual download here:

    Once you have installed the latest update, please go to Add/Remove Programs and remove all older instances of Java listed there.



    STEP 7

    Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.


    STEP 8

    P2P/File Sharing

    You are running a P2P filesharing programme. - Morpheus
    • Many of these programmes come with unwanted components bundled with them.
    • If you wish to find out whether the one you're using does click here.
    Whilst engaging in File Sharing you are basically playing Russian Roulette with your system
    My recommendation is you uninstall any File Sharing programs.



    STEP 9

    Run ATF Cleaner

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    STEP 10

    Run AVG Anti Spyware

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine[/color] (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        [​IMG]
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.


    STEP 11

    Create an Uninstall List/fresh HijackThis Log
    • Open HijackThis
    • Click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List...
    • Save the list to your Desktop
    • Under Other Stuff click the Back button
    • Now click the Scan button
    • Click the Save Log button, save it to your Desktop
    • Close HijackThis


    STEP 12

    Report Back
    • I would now like from you the AVG Anti Spyware Log
    • The Uninstall List
    • The fresh HijackThis Log
    • Also can you please tell me how your system is now running

    I will review this information and advise of any further necessary steps as soon as possible.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/544370

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice