View Full Version : Need Infection Help!
dannygirlzz
09-30-2007, 12:35 AM
New here! Still learning, but looking for help with a possible infection. Windows XP operating system is slowing by the minute (after visiting a very bad website). Have run every possible virus & malware scan - AVG, Norton, Spyware Doctor, Trojan Hunter, Trend Micro, Spybot, Ad-Aware, and I'm cleaning stuff out but to no end. Next steps?
Thanks in advance!
PrntRhd
09-30-2007, 12:46 AM
Welcome to the PC Guide forums!
I moved your thread to the Applications & Security forum as you won't find much help in After Hours.
Download HijackThis, make a new folder on the hard drive and unzip the HJT into that folder. Run the exe that results in that folder and make a logfile.
http://www.spywareinfo.com/~merijn/programs.php
Copy/paste the log into replies here until it is all here, splitting the log into sections if it is too large.
The experts will analyze the log and advise you what steps to do to remove items, don't fix anything until they say to do so.
Are you getting any popups or other symptoms?
dannygirlzz
09-30-2007, 02:03 AM
Ok! Will do.. appreciate your time!
dannygirlzz
09-30-2007, 02:17 AM
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:15:14 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Danny\Desktop\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.nwmls.com
O15 - Trusted Zone: http://*.rapmls.com
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8835 bytes
dannygirlzz
09-30-2007, 02:55 AM
Oh and no popups or other such symptoms. System speeds up a wee bit once I've been on it awhile and used the internet w/out any add-ons. The incredibly slow start of any application is the main problem.
Thanks
Umm....let's see...
You have both Norton and AVG scanning and updating. Both Spyware Doctor and Ad-Aware running things (Spybot, too)...a boatload of HP crap (updater)...Java updater, Real updater...
That combination will bring just about any system to its knees...on many systems Norton alone is enough to kill performance.
What were/are the specific signs that you are/had been infected?
What were some of the items the malware removal tools caught/removed?
I don't care how powerful a computer is, when you have a whole host of programs all trying to do the same thing at the same time, your performance will end up in the basement.
dannygirlzz
09-30-2007, 05:53 PM
Thanks for the thoughts. Unfortunately, all those programs were uploaded after the sudden slowing; the only programs I originally had were Norton, Ad-Aware & Spybot and they found nothing. Don't really have any other symptoms - AVG keeps finding adware.minibug.
Budfred
09-30-2007, 06:05 PM
Please turn off the resident protection options on all but one of each type of protection software... If you do find malware, you will need to turn a bit more off temporarily, but generally do not run any 2 protection programs with the same function in resident mode at the same time -- they will conflict and may do more harm than simply slowing things down...
To dig a little deeper, please do this...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
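A triage pass over the HijackThis log posted earlier in this thread, as an added example that is not part of the thread or of HijackThis itself: it parses the item lines, reports which protection types have more than one resident product (the conflict the reply above and Budfred's post both describe), and lists entries an analyst would want explained before anything is fixed. The vendor-to-category table and the flag rules are my own assumptions; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O2/O4/O10/O15/O23 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.nwmls.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
"""

# Assumed mapping of lowercase path fragments to (product, protection type).
# Every product below appears in the posted log; the categories are my own.
PRODUCTS = {
    "symantec": ("Norton/Symantec", "antivirus"),
    "norton antivirus": ("Norton/Symantec", "antivirus"),
    "grisoft\\avg7": ("AVG 7", "antivirus"),
    "spyware doctor": ("Spyware Doctor", "antispyware"),
    "lavasoft": ("Ad-Aware", "antispyware"),
}

ITEM_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis item line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def o4_target(body):
    """Extract the executable path from an O4 body, honouring quoted paths with spaces."""
    if "]" not in body:
        return body
    tail = body.split("]", 1)[1].strip()
    if tail.startswith('"'):
        return tail[1:].split('"', 1)[0]
    return tail.split()[0]


def resident_products(entries):
    """Map protection type -> products that are resident via an autostart (O4) or a service (O23)."""
    found = defaultdict(set)
    for section, body in entries:
        if section in ("O4", "O23"):
            low = body.lower()
            for fragment, (product, kind) in PRODUCTS.items():
                if fragment in low:
                    found[kind].add(product)
    return found


def redundant(entries):
    """Protection types with more than one resident product: the conflict the thread warns about."""
    return {k: sorted(p) for k, p in resident_products(entries).items() if len(p) > 1}


def flags(entries):
    """Entries to have explained before fixing anything (the thread's 'don't fix until told' rule)."""
    out = []
    for section, body in entries:
        low = body.lower()
        if section == "O2" and "(no file)" in low:
            out.append("O2 BHO with no backing file: " + body)
        elif section == "O10" and "unknown" in low:
            out.append("O10 Winsock LSP not in HijackThis's known list: " + body)
        elif section == "O15":
            out.append("O15 Trusted Zone entry relaxes IE security for that site: " + body)
        elif section == "O4" and "\\" not in o4_target(body):
            # No directory: resolved through the search path at logon, so confirm what it is.
            out.append("O4 autostart without a full path: " + body)
    return out


if __name__ == "__main__":
    items = parse_entries(SAMPLE_LOG)
    for kind, products in redundant(items).items():
        print("redundant " + kind + ": " + ", ".join(products))
    for f in flags(items):
        print("check: " + f)
```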
dannygirlzz
09-30-2007, 07:45 PM
ComboFix 07-09-21.2 - "Danny" 2007-09-30 15:32:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT -7:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.
2007-09-30 15:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 00:19 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\TrojanHunter
2007-09-29 00:05 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-28 23:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-28 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-28 23:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-28 22:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-28 22:33 <DIR> d-------- C:\DOCUME~1\Danny\.housecall6.6
2007-09-28 14:01 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-09-28 01:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-28 01:04 <DIR> d-------- C:\Program Files\CCleaner
2007-09-27 21:21 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-27 21:21 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-27 21:21 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-27 21:21 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-27 21:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-27 21:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-27 21:21 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\PC Tools
2007-09-27 21:20 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-12 22:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 14:52 --------- d-------- C:\Program Files\Plaxo
2007-09-28 23:02 --------- d-------- C:\DOCUME~1\Danny\APPLIC~1\Lavasoft
2007-09-28 21:49 --------- d-------- C:\Program Files\Google
2007-09-28 21:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-20 20:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-20 13:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-20 13:23 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-20 13:23 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-20 13:23 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-20 13:23 --------- d-------- C:\Program Files\Symantec
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-12 22:33 --------- d-------- C:\Program Files\Common Files\Real
2007-08-10 22:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-03 22:48 --------- d-------- C:\Program Files\Norton AntiVirus
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 11:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 11:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 11:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 11:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 11:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 11:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 11:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 11:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 11:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 11:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 11:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 11:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 11:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 11:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 11:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 11:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 11:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 07:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
.
more in next post...
dannygirlzz
09-30-2007, 07:46 PM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 13:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 13:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 10:15]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 10:15]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 13:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-20 15:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-28 14:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-16 07:02]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33]
"DXDllRegExe"="dxdllreg.exe" []
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 11:32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 13:42]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 13:14]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-28 14:01 9216 C:\WINDOWS\system32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 04:56:42 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Danny.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 15:38:19
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?6?8?3??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
Completion time: 2007-09-30 15:41:41
.
--- E O F ---
Budfred
10-01-2007, 12:32 AM
I don't see any malware... It looks like it is a matter of reducing redundant programs and disabling unnecessary resident programs where it is safe to do so... You do need to update Java, but that is a minor issue...
Updating Java:
Go to Start > Control Panel and double-click on the Software icon (Add or Remove Programs).
Search the list for all previously installed versions of Java (J2SE Runtime Environment...).
It should have this icon next to it: http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Select any found (one at a time) and click Remove.
Then download and install the newest version from here:
http://java.sun.com/javase/downloads/index.jsp
It would probably be a good idea to defrag the hard drive and clear out your temporary folders and excess files... You have CCleaner which you can use to do some cleanup...
Oh, and to permanently get rid of minibug...uninstall Weatherbug...
dannygirlzz
10-02-2007, 01:56 AM
Thank you for all your help!! What a great forum! Reading thru some of the other discussions - very informational!
By the way, how do I get rid of the WeatherBug mentioned above?
Thanks again!
WeatherBug should have an entry in 'Add/Remove Programs'...if you've already uninstalled it, look for the WeatherBug folder and delete the folder...in Safe Mode is best. As far as info-harvest bots go, WeatherBug is pretty innocuous and low on the pecking order of 'problems', but it still does 'phone home' with more info than a weather monitoring program should, which, other than your zip code for getting the local forecast, should be nothing.
Budfred
10-02-2007, 03:43 AM
There isn't any evidence of WeatherBug in the logs, so I think it is already gone... I also didn't see minibug, are you still getting notices about it??
The folder for WeatherBug would be at this location if it is still there:
C:\Program Files\AWS
dannygirlzz
10-02-2007, 08:00 PM
It seems to be Java that's majorly messing with my computer - before and after updating it. I removed all old programs and downloaded an updated version as suggested in the previous post. But my computer immediately slowed to a snail's pace - almost unusable - so I've had to remove it again. Previously I had disabled all add-ons in Internet Explorer and that too helped tremendously with this problem. So the question is how do I use Java now w/out seriously killing my computer? And, why after 2 years would Java all of a sudden be a problem?
PS And yes, I have done every other conceivable thing to clean up my computer.
Budfred
10-02-2007, 11:19 PM
Java shouldn't be slowing down your computer... It normally only has one thing running which checks for updates and I believe that is only a few moments of computer time... I turn it off on mine, but it shouldn't be a big deal anyway... That suggests that either something else is seriously misconfigured or you do have malware... Try a couple more scans to check:
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
and this............
* Download Dr.Web CureIt to the Desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the icon shown here next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below it and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Post the logs...
dannygirlzz
10-04-2007, 01:36 AM
Ok so I apparently can't do the first task because I'm using Mozilla not Internet Explorer anymore.
I ran Dr.Web but it found nothing! I couldn't find where to scan drivers so I did a full system scan and it found A0280290.exe in c:\Systemvolumeinformation and says it's "probably DLOADER.Trojan". It was incurable and moved. I'm still figuring out the report part - more to come.
Thanks
Budfred
10-04-2007, 03:13 AM
Just post the report...
Also, use IE to run F-Secure... It should still be installed since it is part of Windows, and it is okay to run it as long as you have other protections in place and don't go anywhere other than the F-Secure site and to Windows for updates...