HijackThis logs....(RESOLVED)

  1. #11
    k-sparky-k is offline Full Member

    Re: HijackThis logs....

    I've done CCleaner and it's like very slow on start up and lags


  2. #12
    Neal is offline Dedicated Member
    On the other account do this please:


    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

    Then...



    www.pandasoftware.com/activescan/

    Internet Explorer Required
    Please run this online virus scan: ActiveScan

    * Once you are on the Panda site click the Scan your PC button
    * A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send (*NOTE: it's perfectly safe to do so. You will NOT be spammed from this)
    - Select either Home User or Company
    * Click the big Scan Now button
    * If/when you get a notice that Panda wants to install an ActiveX component allow it
    * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    * When download is complete, click on Local Disks to start the scan
    * When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.


    Since it is so slow the above scan is going to take a long time to do.

  3. #13
    k-sparky-k is offline Full Member
    The Panda didn't find anything .... got some weird problem: when I run like some big programs, sometimes the screen goes blue and it says "a problem has been detected and windows has been shut down to prevent damage to your computer .... if you see this screen for the first time ......" I have no idea, maybe some memory lost??

    ABBYY FineReader 5.0 Sprint Plus
    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS
    Adobe Reader 6.0.1
    Adobe Stock Photos 1.0
    ArcSoft PhotoBase 3
    BitLord 1.1
    BitTorrent 4.2.2
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    BlasterBall Wild from Hewlett-Packard Desktops (remove only)
    BlueAuditor 1.0.1
    CA eTrust PestPatrol
    CCleaner (remove only)
    Creative Jukebox Driver
    Creative MediaSource
    Creative NOMAD II Driver
    Creative Zen Touch
    DivX Codec
    DivX Player 2.1
    DVD@ccess 2.0.3
    easy Internet sign-up
    ewido anti-malware
    Excavation from Hewlett-Packard Desktops (remove only)
    FlashGet(JetCar)
    GemMaster 3 from Hewlett-Packard Desktops (remove only)
    GetRight
    HijackThis 1.99.1
    Hotfix for Windows XP (KB912475)
    HP Deskjet printer preloaded drivers
    HP Digital Imaging Album Printing 1.0
    HP Memories Disc
    HP Photo and Imaging 1.2 - Photosmart Cameras
    HP Photosmart printers preloaded drivers
    HP Scanjet scanner preloaded drivers
    Intel(R) Extreme Graphics Driver
    InterVideo WinDVD Player
    iPod for Windows 2005-03-23
    iPod Updater 2004-11-15
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    KBD
    K-Lite Codec Pack 2.53 Full
    Lexmark 4200 Series
    LimeWire PRO 4.10.5
    Lizardtech DjVu Control
    Macromedia Flash Player 8
    Magic ISO Maker v4.9 (build 0144)
    Men In Black II CROSSFIRE from Hewlett-Packard Desktops (remove only)
    Messenger Plus! 3
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft Encarta Encyclopedia Standard - WE 2003
    Microsoft Money
    Microsoft Money System Pack
    Microsoft Windows Journal Viewer
    Microsoft Works 7.0
    Mozilla (1.4)
    Mozilla Firefox (1.5.0.3)
    MSN Messenger 7.5
    MSXML4 Parser
    ninemsn Toolbar
    NJStar Communicator
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NOMAD Explorer
    OLYMPUS CAMEDIA Master 4.0
    OptusNet Cable Components
    Panda ActiveScan
    PC-Doctor for Windows
    PenPowerJR-5.0
    Philips ToUcam XS Camera
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuickTime
    RadLight APE DirectShow filter (remove only)
    RealPlayer
    RecordNow
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Select CashBack
    Shizmoo Web Games
    Shockwave
    ShowBiz DVD
    Silkroad
    Simple Backup for My Pictures
    Simple Installer - Multilanguage Version
    SiS 650_651_M650_M652_740
    SmartFTP Client 2.0
    SmartFTP Client 2.0 Setup Files (remove only)
    Snowboard Extreme from Hewlett-Packard Desktops (remove only)
    Sonic Update Manager
    Space Rocks from Hewlett-Packard Desktops (remove only)
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    Stomp RecordNow MAX
    Sunbelt Kerio Personal Firewall
    TES Construction Set
    toolkit
    Tvants 1.0
    Ulead Video ToolBox 2.0 Plus Nokia Edition
    UltraISO 8.0 Premium Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Updates from HP
    Virtual Warfare from Hewlett-Packard Desktops (remove only)
    Westwood Shared Internet Components
    Win AVI HelixSDK
    WinAce Archiver
    WinAVIVideoConverter
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinMX
    WinRAR archiver
    XoftSpy
    YSIGet
    Last edited by k-sparky-k; 15-05-2006 at 08:04 AM.

  4. #14
    Neal is offline Dedicated Member
    How much memory etc. do you have left on your computer?


    Thru add/remove program uninstall these:


    Select CashBack
    LimeWire 4.10.5
    Xoftspy or Spybot---maybe a possible conflict going on with both of those running



    You have a ton of stuff in add/remove. Is there any way you can live without some of that stuff?

  5. #15
    k-sparky-k is offline Full Member
    OK, done. I have only 13.1 GB left

  6. #16
    Neal is offline Dedicated Member
    The blue screen is very bad I'm afraid.


    Go here: http://support.microsoft.com/?scid=kb;en-us;897079


    And run this removal tool just in case you have that infection.


    This problem may occur if the computer is infected with a variant of the Sdbot virus.

    The Sdbot virus creates a hidden process. This process closes programs that system administrators use for diagnostic and configuration purposes. The process may also prevent these programs from running.

    The file name of the Sdbot virus varies. Many variants of this virus put a driver that is named Msdirectx.sys or Haxdrv.sys on the computer. This driver is used to hide the virus process. The file names that the virus frequently uses include Msdrv.exe and Sdkcore.exe. These virus variants can restore the virus if you delete the files.
    RESOLUTION
    To resolve this problem, use one of the following methods:

    Automatic Removal

    To automatically remove some versions of this virus, run the Microsoft Malicious Software Removal Tool.

    The April release of this utility can remove some variants of this malware. You can find information and downloads for the Malicious Software Removal Tool at the following locations:
    http://www.microsoft.com/downloads/d...displaylang=en
    http://www.microsoft.com/security/ma...e/default.mspx
    Might do a system file check also if you have installation CD.

    Info here:

    http://ask-leo.com/what_is_the_syste..._i_run_it.html


    Have you ever done a defragmentation on this computer?

    Go to start>all programs>accessories>system tools>click disk defragmenter and let it run.


    Also see if you can do this:


    Please download SilentRunners from here:
    http://www.silentrunners.org/Silent%20Runners.zip
    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.
    Last edited by Neal; 17-05-2006 at 01:00 AM.

  7. #17
    k-sparky-k is offline Full Member
    hi

    Do I have to do the Manual Removal for the Sdbot virus? I've done one of the scans but it didn't pick up anything, so .... and I don't have an installation CD for the comp.

    I'll post my SilentRunners when I finish defragmenting.

  8. #18
    k-sparky-k is offline Full Member
    "Silent Runners.vbs", revision 45, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS]
    "WeatherBug" = "C:\Program Files\Aws\WeatherBug\weatherbug.exe" [file not found]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
    "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
    "hp Silent Service" = "C:\Windows\system32\HpSrvUI.exe" ["Hewlett-Packard Co."]
    "CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]
    "Share-to-Web Namespace Daemon" = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
    "KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
    "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
    "Lexmark 4200 Series" = ""C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"" ["Lexmark International, Inc."]
    "SiS KHooker" = "C:\WINDOWS\system32\khooker.exe" [file not found]
    "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
    "PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
    "PPHIDPAD" = "C:\WINPENJR\Win32\pphidpad.exe" [null data]
    "eTrust PestPatrol Active Protection" = ""C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"" ["Computer Associates"]
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray" ["Nokia"]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
    {31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "*c" (unwritable string)
    -> {HKLM...CLSID} = "bho2gr Class"
    \InProcServer32\(Default) = "C:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "ST"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "IeCatch2 Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "MSNToolBandBHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  9. #19
    Neal is offline Dedicated Member
    No on manual, that was just a shot in the dark, if tool found nothing then it's ok.


    The only thing I see in Silent Runners is FlashGet, MessengerPlus3 and WeatherBug, and if they are the free version, like I said before, they are infected. Are they the free version?


    Last thing if this does not show something then apparently you have other issues with your computer.



    http://www.kaspersky.com/virusscanner

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
    o Scan Options:
    - Scan Archives
    - Scan Mail Bases

    * Click OK
    * Now under select a target to scan:
    o Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
    o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

  10. #20
    k-sparky-k is offline Full Member
    Hi

    I uninstalled the WeatherBug already, and MessengerPlus3 sponsors. Do I need to uninstall the whole MessengerPlus3?


    Thursday, May 18, 2006 3:41:51 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 17/05/2006
    Kaspersky Anti-Virus database records: 194578
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    Scan Statistics
    Total number of scanned objects 102623
    Number of viruses found 5
    Number of infected objects 18
    Number of suspicious objects 0
    Duration of the scan process 01:31:05

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe/stream/data0009 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe NSIS: infected - 2 skipped
    C:\Downloads\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
    C:\Downloads\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
    C:\Downloads\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
    C:\Downloads\RevelationV2.zip ZIP: infected - 3 skipped
    C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP25\A0006319.sys Infected: Trojan-Spy.Win32.Goldun.if skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP60\A0012444.exe/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP60\A0012444.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP60\A0012453.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP60\A0012453.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP63\A0016075.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP63\A0016075.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP63\A0016089.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP63\A0016089.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\5qt2im4s.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
    Scan process completed.
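
A triage sketch for a report like the one posted above, added here as an example and not part of the thread: it parses the "Infected:" lines, separates Kaspersky's "not-a-virus:" classes from other verdicts, and marks hits that sit in System Restore storage rather than in live files. The function names and grouping labels are assumptions of this example; the sample lines are excerpted from the posted report.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky report posted above (paths and verdicts as posted).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe/stream/data0009 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Owner\Desktop\downlaods\BitTorrent-4.2.1.exe NSIS: infected - 2 skipped
C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP25\A0006319.sys Infected: Trojan-Spy.Win32.Goldun.if skipped
C:\WINDOWS\system32\5qt2im4s.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
Scan process completed.
"""

DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
PUA_PREFIX = "not-a-virus:"  # Kaspersky's prefix for adware / riskware classes
RESTORE_MARKER = "\\system volume information\\_restore{"  # XP System Restore store


def parse_detections(report):
    """Return one record per 'Infected:' line; headers and archive summaries are skipped."""
    records = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # column header, "NSIS: infected - 2" summaries, footer
        path, verdict = m.group("path"), m.group("verdict")
        is_pua = verdict.startswith(PUA_PREFIX)
        records.append({
            # Windows paths cannot contain "/", so text after the first "/"
            # names a member inside the archive or installer.
            "file": path.split("/", 1)[0],
            "verdict": verdict[len(PUA_PREFIX):] if is_pua else verdict,
            "category": "riskware/adware" if is_pua else "malware",
            "location": "system_restore" if RESTORE_MARKER in path.lower() else "live",
            "action": m.group("action"),
        })
    return records


def triage(report):
    """Group unique (verdict, file) pairs by (category, location)."""
    groups = defaultdict(set)
    for r in parse_detections(report):
        groups[(r["category"], r["location"])].add((r["verdict"], r["file"]))
    return {key: sorted(vals) for key, vals in groups.items()}


if __name__ == "__main__":
    for (category, location), items in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{category} / {location}")
        for verdict, path in items:
            print(f"  {verdict:32} {path}")
```
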
