PDA

View Full Version : NEED HELP with a virus AGAIN!!!!


tbm15
2008-01-16, 06:25
If Shaba responds to this...you helped us out about 1 1/2 years ago and, again, I can't say or thank you enough...:crowned: (And to all, this service is absolutely incredible) Thanks! :bigthumb:
Yet again, here I (we) are with something that has slowed my the entire system entirely :eek:. No idea what it is this time. Please help us solve this if possible, posting kaspersky below then Hijack this under seperate post. Thanks!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 10:27:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512565
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 68253
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:58:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\SID.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\SII.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008011520080116\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\NeroDemo11573\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\FileLNew Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\bf-500.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\conf-100.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\conf-900.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\gather-now.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\notes.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\partner-700.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\subscrip-2000.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\survey.dat Object is locked skipped
C:\Program Files\BigFix\__Data\__Global\Logs\20080114.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MAINCOMPUTER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BC39A009-D09A-40AB-9D7A-70B753896775}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT05e75.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT05e78.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
tbm15
2008-01-16, 06:31
Here's the Hijack This log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:22 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www2.ottawasenators.com/_static/images/www/pages/images/wallpaper/1024/Heatley.jpg
O24 - Desktop Component 1: (no name) - http://www.microsoft.com/canada/home/templategallery/templates/ProjectsCrafts_2.5.23_photocalendartemplate.png

--
End of file - 8023 bytes
pskelley
2008-01-18, 17:29
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
I see nothing wrong with your HJT log. If your issue is with what Kaspersky is locating, see this:

C:\Documents and Settings\Owner\Local Settings\Temp\NeroDemo11573\Toolbar.exe ------> AdTool.Win32.MyWebSearch.bm skipped

This is adware and I would not have it on my computer. If you wish it gone, delete the contents of the Temp folder in red.
(a few original files may not delete)
Empty the Recycle Bin

Once that is done, run a new scan which should be clean. Please do not post a clean scan, just let me know.

Thanks
tbm15
2008-01-19, 00:01
Thanks for the response...good to hear you didn't see anything unusual. Can't locate the folder C:\Documents and Settings\Owner\Local Settings\Temp\,

Under :\Documents and Settings\Owner I only have the following folders:
housecall6.6
Desktop
Imcolmplete
Start Menu
Windows
Limewire
Favorites
My Documents
User Data

Sorry, I'm not too good at this stuff. Know I'm probably missing something obvious.
pskelley
2008-01-19, 00:22
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Follow the pathway:
C:\Documents and Settings > Owner > Local Settings > Temp <<< delete only the contents.

You may download and use this free cleaner: http://www.atribune.org/content/view/19/2/
but in this first case, I want to be sure the adware items are deleted: \NeroDemo11573\Toolbar.exe

Thanks
tbm15
2008-01-19, 00:41
Thanks for the quick response! OK...found the folder and the Nero11573 folder and deleted. Do you want me to delete all the contents of this Temp file as well? Or just the Nero folder?

Thanks!
pskelley
2008-01-19, 00:44
You will probably not be able to delete them all, some old files resist, and must be needed by Windows, but that is a Temp folder and by their nature, they are temporary files.

Thanks
tbm15
2008-01-19, 01:20
Thanks again...deleted the contents of the Temp folder and re-booted. Haven't run Kaspersky yet, but ran Avira prior to replying earlier, no virus detected, updated yesterday...

Thing is, if I open like 5 Word docs, they zip right up and I can click back and forth without any problem. Try to open IE or just for kicks, Firefox, it's slower than hell. Almost worse than a dial-up connection. I have Roadrunner.

If it is not internal, do you think it is possibly the router gone bad? Or something else to do with the hardware?

Please let me know how to proceed next. Gotta go to a hockey game and will check back tomorrow.

Thanks again for your help!
pskelley
2008-01-19, 02:13
Thanks for the feedback, please run Kaspersky as a double check for your resident anti-virus program to be sure.
We are now moving from my area of expertise, so I will make some suggestions and do what I can.

1) Look at this information carefully to see what will help:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

2) http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx

3) I can't not tell you about the router, have you tried connecting to the internet without the router to see what happens. I also suggest you involve your Internet Service Provider in this, it may well be their issue.

4) http://www.google.com/search?hl=en&q=troubleshoot+internet+connection+issues&btnG=Google+Search

5) I suggest you run a free diagnostic here: http://www.pcpitstop.com/pcpitstop/
I do not suggest you purchase anything, simply register free and run the diagnostic. If you post a link the your Test Results I would be glad to advise you.

Let's see what happens with that information. I do want to mention if you are receiving any error messages at all, I would like to see those word for word.

Thanks
tbm15
2008-01-19, 20:15
Hi again...hope the weather in FL is nice, because here in NY it is really cold.

OK, I briefly reviewed the links you sent me and will review in depth a little later. Then I ran PCPitstop, I am going to post the results, but please advise the best way to do this since I just did a copy/paste...

VERY INTERESTING THING HAS HAPPENED! When I ran PCPitstop, I had to disable ZoneAlarm...Guess What? My internet is now running back to normal speed! I have done nothing else in terms of tweaking the system. WTF?

So, Now I am thoroughly confused...could ZoneAlarm have been the issue? If so, what am I to do without a firewall?

Thanks!
pskelley
2008-01-19, 20:31
The Test Results must be posted as a link to the results, here is an example from the forum:
http://www.pcpitstop.com/pcpitstop/Summary.asp?TechExpress=4P1XSWFW7GJSA8BG

When did you install Zone Alarm or did you do an update around the time the computer had the issue. It is always possible I suppose, I run Zone Alarm free firewall myself.

Here are a few free firewalls you can try, you must have a firewall in place.

http://www.personalfirewall.comodo.com/
http://www.jetico.com/index.htm#/jpfirewall.htm

Thanks
tbm15
2008-01-22, 03:57
Cool...Sorry it took so long to get back...busy weekend.

Here's the PCPitstop link:
http://www.pcpitstop.com/pcpitstop/DetailedSummary.asp

As for ZoneAlarm, it was installed about a year 1/2 or so ago. I don't recall doing an update, but it is very possible that it may have been done as my kids use this computer as well.

I rebooted the system over the weekend and had ZoneAlarm running, same thing happened, the computer slowed down again.

Before downloading any new firewall, I may try to uninstall ZoneAlarm and reinstall to see if that helps. Your thoughts?

Let me know what you think about the PC tests.

Thanks!
pskelley
2008-01-22, 14:24
Let me know what you think about the PC tests.Let's try to get a look at the results of the test, please click the link and see what you posted for me. I gave you an example of what I need to view in my last post?

Thanks
tbm15
2008-01-22, 15:43
Sorry...Here's the link again, hope it works.

http://www.pcpitstop.com/pcpitstop/Summary.asp?conid=19454063

BTW...went ahead and installed personalfirewall.comodo to use, at least temporarily, as a firewall.

Thanks!
pskelley
2008-01-22, 15:51
Listen, if it does not take you there when you click it, it will not take me. Here is the forum at PCPitStop where you can see everyone posting their Test Results.

http://pcpitstop.invisionzone.com/index.php?showforum=6

Thanks
tbm15
2008-01-22, 16:07
http://www.pcpitstop.com/techexpress.asp?id=6H6RSWD4TFGSNG1G

Sorry...read the pcpitstop info and should have posted it like this. I was able to get the results on the previous links I posted because I was logged on. Hope this works now...double checked it before posting and I was taken directly to the link above. Sorry for the inconvenience.

Thanks.
pskelley
2008-01-22, 16:36
Thanks, no problem at least we got it. I will assume by now you have been looking. There is a load of information and it is all about your computer. (I do not suggest you purchase anything you do not want)
I will look at key areas, and you can see several minor issues and one serious one. If you have questions about anything I do not mention, post to ask, or you can also post to the forum for help. I also help here and there are knowledgeable folks working these forums.

Security: Serious http://www.pcpitstop.com/pcpitstop/SecIEZone.asp
correct this issues right away, they have a free tool: PC Pitstop AutoFix or you can do this manually.

Memory: minor, Windows will run on that much RAM but that is about all it will do. Any resource intense program is going to have issues. I have 1.25 GB's of RAM on my Dell 4550.

Disk: Minor, You have maintenance issues: • Highly Fragmented Files
• Defragment files (Drive You also appear to be storing a load of JUNK: Junk files 48 MB

Try this tool:
http://spyware-free.us/tutorials/cleanmgr/

Internet: Minor, look into all suggestions, especially these:
Sub Optimal Internet Performance
• Adjust IE browser cache size
• Saving Web Page Passwords with Firefox May Present a Security Risk
• Auto-filling Forms with Firefox May Present a Security Risk

Windows: Minor, • Update outdated device drivers
• Run AntiVirus
• Enable System Restore

I see AntiVir PersonalEdition running in the HJT log, update the program and make sure it is functioning properly. If you have any doubts, uninstall and reinstall it. Malware can mess up antivirus programs.
System Restore: I would never run with it off, you need to turn it off, reboot and turn it on to clean it if infected files get in SR, but a infected SR is better than no SR in a crisis.

Thanks
pskelley
2008-01-26, 12:57
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.