computer runs very slow

Browntoa

is that the whole log ??

looks like some missing from the bottom ??

Browntoa

these need to be deleted

O2 - BHO: (no name) - !!00000000-59D4-4008-9058-080011001200} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - !!00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - !!00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - !!77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - !!8333c319-0669-4893-a418-f56d9249fca6} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
(Description: A hidden or missing adware entry.)

run hijack this again, tick those items then Press the "Fix checked" button. Then close HijackThis and reboot and run off a new log and post that

browney_2

no thats it.. where do I find the thread 133269 it wont work when I click on to it.

Thanks

Browntoa

this is the text from that thread

Download the following software, in each case as it downloads click on the “Run” button on the File download box that opens to install the software.

1)Trial version of Ewido Security Suite here.

• Install ewido.
• During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido
• It will prompt you to update click the OK button and it will go to the main screen
• On the left side of the main screen click update
• Click on Start and let it update.
• DO NOT run a scan yet. You will do that later in safe mode

2)Ad-Aware from Lavasoft from here

http://www.lavasoftusa.com/support/download/

Install, click Check for Updates now and get any updates, then exit

3)Crap Cleaner from

http://www.ccleaner.com/ccdownload.asp

Install only, then exit

4) Microsoft Winows Defender (this can only be used with Windows 2000/XP/2003) (was known as Microsoft AntiSpyware)

http://www.microsoft.com/athome/secu...e/default.mspx

Install it and update it

5)Spybot Search and Destroy

http://www.majorgeeks.com/download2471.html

Install, do the search for updates now and get any updates, Make sure you leave the SDhelper ( IE bad download blocker) checked to install (this is the default).

You will need to disable system restore, boot into safe mode, scan for the problem and finally re-enable system restore.

For Windows XP:

1: Right click on the My Computer icon on your desktop and select properties.
2: Click on the system restore tab.
3: Check the box that says "Turn off system restore on all drives". Click OK.
4: Click Yes when you are prompted to restart the computer
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

For Windows Millenium:

1: Right-click My Computer, and then click Properties.
2: On the Performance tab, click File System, or press ALT+F.
3: On the Troubleshooting tab, click to select the Disable System Restore check box.
4: Click OK twice, and then click Yes when you are prompted to restart the computer.
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box

Browntoa

Malware Removal

Please back up any important documents,emails and photographs before you start.

Important:- Before starting make sure you print these instructions as you will not be able to connect to the internet.

The best method to remove malware is to do it after booting in Safe Mode. Please note to complete ALL these scans may take some time so make sure you allow yourself plenty of time.

Boot to safe mode now.

For info on how to boot to safe mode click on the link below:

http://service1.symantec.com/SUPPOR...001052409420406

Shut down ALL unrequired applications including browsers

1) Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner

2) Run Ewido:

• Click on scanner
• Click Complete System Scan and the scan will begin.
• During the scan it will prompt you to clean files, click OK
• When the scan is finished, look at the bottom of the screen and click the Save report button.
• Save the report to your desktop

3) Run Spybot Search & Destroy and allow it to fix all that it finds

4) Run Ad-Aware SE and select Perform full system scan box and allow it to fix all that it finds

56) Run Windows Defender and allow it to fix all that it finds

You will now need to get back into normal Windows mode by reversing the steps you took to get into safe mode

When Windows has booted up connect to the Internet and see if the problem is still happening, if so you may need to boot back into safe mode again and do a 2nd run of steps 2) to 6).

browney_2

Here is the new log, thank you for all your help

Logfile of HijackThis v1.99.1
Scan saved at 13:37:09, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: PBUKV2 - !!4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: CNisExtBho Class - !!9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec

Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - !!0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common

Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - !!42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBUKV2 - !!4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05

\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Browntoa

that looks better, now run trough the steps above about downloading and running all that stuff in safe mode, should take an hour or so

then see how the PC runs afterwards, by the way you have Nortons installed so you should have some protection unless the update licience has expired, do you remember if it came with twelve months free ?

browney_2

no it expired think it lasted two months. might buy it. Thanks for all your help. i'm gonna do all the above stuff later and will let you know, if not today tomorrow. My computer is already a lot faster. Thanks again

Browntoa

no need to buy it, we can remove it and replace with very good FREE alternatives (use them myself !!)

browney_2

I have tried to use spybot search and destroy and the downloads come up as bad checksum, I think one is working now. tried some of the others found small trojan small.dam. They have been quarantined - what does this mean ?

thanks