PC Freezing up and running VERY sluggish
-
PC is running slow and freezing up.
At times, I have to do a manual restart from the power button.
Please help.
Here's latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:54 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\pacivend.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.38.31/ttinst.cab
O21 - SSODL: Faxisend - {9EAF25B9-1793-4315-8812-A749AE750CD3} - C:\WINDOWS\system32\disonms.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\pacivend.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 7443 bytes
-
There are a couple of suspicious entries in the log, so...
Firstly, upload the svcprs32.exe file located in C:\WINDOWS\system32 to VirusTotal - Free Online Virus and Malware Scan for a security check. Post the report.
Then....
Print these instructions out.
NOTE. If any of the programs listed below refuses to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
STEP 1. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2. Download GMER: GMER - Rootkit Detector and Remover - Files, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.14966
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
STEP 3.
Post fresh HijackThis log.
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
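The helper picked out the suspicious services by reading the O23 lines by eye. The script below is an added example, not part of the helper's post and not a HijackThis feature; it applies the same two checks to an excerpt of the log posted above: O23 service entries whose vendor column reads "Unknown owner", and processes running from System32 that no O4/O23 entry accounts for and that are not core Windows processes. The CORE_XP allowlist is an assumption sized for an XP SP3 box; the output is a list of files to hash and submit, not a verdict.

```python
"""Triage a HijackThis (HJT) log the way the helper above did by eye.

Added example; not part of the original post and not a HijackThis feature.
Two heuristics:
  1. O23 service entries whose vendor column reads "Unknown owner".
  2. Running processes under System32 that no O4/O23 entry accounts for
     and that are not core Windows processes.
Both produce a list of files to hash and submit, not a verdict.
"""
import re

# Core Windows XP processes that legitimately run with no O4/O23 entry.
# Assumption: this short allowlist is enough for an XP SP3 box.
CORE_XP = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "explorer.exe", "ctfmon.exe", "wuauclt.exe",
}

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")

# Lines excerpted from the log posted above (the full log has many more).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\pacivend.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\pacivend.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
--
End of file - 7443 bytes
"""


def basename(path):
    """Lowercased file name of a path as HJT prints it (quotes stripped)."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def parse_hjt(text):
    """Split the log into running processes, O4 autostart lines and O23 services."""
    procs, autostarts, services = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "procs"
            continue
        if ENTRY_RE.match(line):          # first R0/O2/O4... line ends the process list
            section = "entries"
        if section == "procs":
            procs.append(line)
        elif section == "entries":
            m = O23_RE.match(line)
            if m:
                services.append(m.groupdict())
            elif line.startswith("O4 - "):
                autostarts.append(line)
    return procs, autostarts, services


def triage(text):
    """Return the unknown-owner services and the unexplained System32 processes."""
    procs, autostarts, services = parse_hjt(text)
    unknown_owner = [(s["name"], s["path"]) for s in services
                     if s["vendor"].strip().lower() == "unknown owner"]
    # Anything an autostart or service entry names counts as "explained".
    explained = "\n".join(autostarts + [s["path"] for s in services]).lower()
    unexplained = []
    for p in procs:
        name = basename(p)
        if "\\system32\\" in p.lower() and name not in CORE_XP and name not in explained:
            unexplained.append(p)
    return {"unknown_owner": unknown_owner, "unexplained": unexplained}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, path in result["unknown_owner"]:
        print(f"[unknown owner] {name}: {path}")
    for path in result["unexplained"]:
        print(f"[no autostart entry] {path}")
```

On the excerpt this flags pacivend.exe and svcprs32.exe as unknown-owner services, and mdmcls32.exe as a System32 process that nothing in the log starts; those are exactly the files worth hashing before anything is "fixed".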
-
Here are the results from virustotal.com
File svcprs32.exe received on 04.14.2009 12:41:56 (CET)
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.14 -
AhnLab-V3 5.0.0.2 2009.04.14 -
AntiVir 7.9.0.138 2009.04.14 -
Antiy-AVL 2.0.3.1 2009.04.14 -
Authentium 5.1.2.4 2009.04.14 -
Avast 4.8.1335.0 2009.04.13 -
AVG 8.5.0.285 2009.04.14 -
BitDefender 7.2 2009.04.14 -
CAT-QuickHeal 10.00 2009.04.14 -
ClamAV 0.94.1 2009.04.14 -
Comodo 1113 2009.04.14 -
DrWeb 4.44.0.09170 2009.04.14 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.13 -
F-Secure 8.0.14470.0 2009.04.14 -
Fortinet 3.117.0.0 2009.04.14 -
GData 19 2009.04.14 -
Ikarus T3.1.1.49.0 2009.04.14 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.14 -
McAfee 5583 2009.04.13 -
McAfee+Artemis 5583 2009.04.13 -
McAfee-GW-Edition 6.7.6 2009.04.14 -
Microsoft 1.4502 2009.04.14 -
NOD32 4006 2009.04.14 -
Norman 6.00.06 2009.04.14 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.14 -
PCTools 4.4.2.0 2009.04.14 -
Prevx1 V2 2009.04.14 -
Rising 21.25.12.00 2009.04.14 -
Sophos 4.40.0 2009.04.14 -
Sunbelt 3.2.1858.2 2009.04.13 -
Symantec 1.4.4.12 2009.04.14 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.14 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.14.1692 2009.04.14 -
VirusBuster 4.6.5.0 2009.04.13 -
Additional information
File size: 823296 bytes
MD5...: 9e0f0d76efd42bb03c1cbdfe55c9a0bd
SHA1..: 78d29609dc6bc148c2bb81c54fdf852b5bb9bcc0
SHA256: bcea083d3e3cad491088bbc0b64b99ff0561fc1aa6d1277d214ab2c381d6005f
SHA512: e37be966bb9469bdc4223aa68609fa6c750e1b302d484ec0e51c5225ea946de0d334e12fa0787e1089d6f6a7795fc667ca7483043837754b977efb474393e48d
ssdeep: 12288:CMzhn7DZQNGGOLhJbN69M9d7Sges+QW1tqLmD8MFgwytyLMAO0:CMaNGGOLE9QSgbV0tMmtFgwytyJB
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x48ca6
timedatestamp.....: 0x473acf6d (Wed Nov 14 10:35:25 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa2905 0xa3000 6.60 5f361e8b77626949199f6c1fd344a8df
.rdata 0xa4000 0x18756 0x19000 3.87 87e8e24d3bd41232a29a1bde63df25f8
.data 0xbd000 0x10898 0xa000 4.85 fdf48d656308bb64f03825d00c54ca50
STLPORT_ 0xce000 0x20 0x1000 0.07 4c904969cc3618128d9ca19466fe888c
.rsrc 0xcf000 0xa20 0x1000 2.62 5757850be6eeed19e57703a1059509a6
( 7 imports )
> ATL.DLL: -, -, -, -, -, -
> KERNEL32.dll: GetTimeZoneInformation, SetLastError, GetWindowsDirectoryA, DuplicateHandle, OpenFileMappingA, MoveFileA, DeleteFileA, LockResource, LoadResource, FindResourceA, LoadLibraryExA, FlushViewOfFile, CreateDirectoryA, InterlockedExchange, GetFileType, GetFileSize, GetSystemInfo, SetFilePointer, SetEndOfFile, WideCharToMultiByte, GetStringTypeA, GetStringTypeW, MultiByteToWideChar, GetCPInfo, LCMapStringA, LCMapStringW, CompareStringA, CompareStringW, ExitThread, CreateThread, PeekNamedPipe, GetFileInformationByHandle, GetCurrentThreadId, GetLastError, CloseHandle, GetCurrentProcess, GetTickCount, Sleep, OpenFile, GetTempPathA, WriteFile, GetSystemDirectoryA, FindFirstFileA, CreateFileA, ReadFile, LoadLibraryA, GetProcAddress, FreeLibrary, GetVersionExA, HeapAlloc, ResetEvent, PulseEvent, SetEvent, CreateEventA, ReleaseMutex, WaitForSingleObject, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, CreateMutexA, UnmapViewOfFile, CreateFileMappingA, MapViewOfFile, GetProcessHeap, HeapFree, GetModuleFileNameA, lstrlenA, GetCurrentThread, lstrcmpiA, GetCommandLineA, SetSystemTime, ReleaseSemaphore, CreateSemaphoreA, TerminateThread, SetEnvironmentVariableA, IsBadCodePtr, IsBadReadPtr, FlushFileBuffers, GetCurrentDirectoryA, GetFullPathNameA, GetOEMCP, GetACP, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetModuleHandleA, GetStartupInfoA, GetVersion, ExitProcess, InterlockedDecrement, InterlockedIncrement, GetSystemTime, GetLocalTime, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, HeapReAlloc, SetHandleCount, GetStdHandle, SetStdHandle, TerminateProcess, HeapSize, TlsSetValue, TlsAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter
> USER32.dll: CharNextA, DispatchMessageA, GetMessageA, PostThreadMessageA
> ADVAPI32.dll: CloseServiceHandle, ReportEventA, RegisterEventSourceA, RegisterServiceCtrlHandlerA, SetServiceStatus, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, LookupPrivilegeValueA, AdjustTokenPrivileges, ControlService, DeleteService, CreateServiceA, LockServiceDatabase, UnlockServiceDatabase, OpenSCManagerA, OpenServiceA, CopySid, LookupPrivilegeNameA, AllocateAndInitializeSid, InitializeAcl, AddAccessAllowedAce, FreeSid, StartServiceCtrlDispatcherA, RegCreateKeyExA, RegDeleteValueA, RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, GetTokenInformation, OpenThreadToken, OpenProcessToken, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, GetLengthSid, DeregisterEventSource
> ole32.dll: CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoInitialize
> SHELL32.dll: SHBrowseForFolderA, SHGetMalloc, SHGetPathFromIDListA, ShellExecuteA
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
( 0 exports )
RDS...: NSRL Reference Data Set
____________________________________________
I will proceed to the other outlined steps and post a final HJT log, once all prior steps are completed.
Thanks so much.
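A 0/40 result says only that no engine had a signature for this file at that time. The "Additional information" part of the report carries static facts worth reading before trusting that: a PEiD packer signature (Armadillo), a .text section with entropy 6.60, a WS2_32 import table with no function names (ordinal-only), and service-management APIs in ADVAPI32. The script below is an added example, not part of the poster's reply or of VirusTotal's own tooling; it parses an excerpt of the report above (hash lines rejoined where the forum wrapped them, import lists shortened to the entries used here), lists those indicators, and checks that a local copy of the file hashes to the values VT reported so you know the report describes the file you actually have. The entropy threshold, the packer-name list and the set of notable APIs are assumptions, and the result is a list of reasons to keep investigating, not a malware verdict.

```python
"""Read a VirusTotal 'Additional information' block and list the static
indicators that a 0/N detection result does not address.

Added example; not part of the original post or of VirusTotal's tooling.
VT_EXCERPT is taken from the report above, with hash lines rejoined and
the import lists shortened to the entries this script looks at.
"""
import hashlib
import re

VT_EXCERPT = """File size: 823296 bytes
MD5...: 9e0f0d76efd42bb03c1cbdfe55c9a0bd
SHA1..: 78d29609dc6bc148c2bb81c54fdf852b5bb9bcc0
SHA256: bcea083d3e3cad491088bbc0b64b99ff0561fc1aa6d1277d214ab2c381d6005f
PEiD..: Armadillo v1.71
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa2905 0xa3000 6.60 5f361e8b77626949199f6c1fd344a8df
.rdata 0xa4000 0x18756 0x19000 3.87 87e8e24d3bd41232a29a1bde63df25f8
.data 0xbd000 0x10898 0xa000 4.85 fdf48d656308bb64f03825d00c54ca50
STLPORT_ 0xce000 0x20 0x1000 0.07 4c904969cc3618128d9ca19466fe888c
.rsrc 0xcf000 0xa20 0x1000 2.62 5757850be6eeed19e57703a1059509a6
( 7 imports )
> ADVAPI32.dll: CreateServiceA, DeleteService, AdjustTokenPrivileges, RegSetValueExA
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")
SECTION_RE = re.compile(
    r"^(\S+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+([0-9.]+)\s+[0-9a-f]{32}$")
IMPORT_RE = re.compile(r"^>\s*([^:\s]+):\s*(.*)$")

# Assumptions: packer names as PEiD prints them, and the APIs that matter
# for a service binary of unknown origin.
PACKERS = ("armadillo", "upx", "themida", "aspack", "pecompact", "vmprotect")
NOTABLE_APIS = {"CreateServiceA", "DeleteService", "AdjustTokenPrivileges",
                "RegSetValueExA"}


def parse_vt(text):
    """Pull hashes, PEiD line, section entropies and imports out of the report."""
    report = {"hashes": {}, "sections": {}, "imports": {}, "peid": ""}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HASH_RE.match(line):
            report["hashes"][m.group(1).lower()] = m.group(2).lower()
        elif line.startswith("PEiD"):
            report["peid"] = line.split(":", 1)[1].strip()
        elif m := SECTION_RE.match(line):
            report["sections"][m.group(1)] = float(m.group(2))
        elif m := IMPORT_RE.match(line):
            report["imports"][m.group(1)] = [f.strip() for f in m.group(2).split(",")]
    return report


def indicators(report, entropy_threshold=6.5):
    """Static reasons to keep investigating even when every engine says clean."""
    notes = []
    if any(p in report["peid"].lower() for p in PACKERS):
        notes.append(f"packer/protector signature: {report['peid']}")
    for name, entropy in report["sections"].items():
        if entropy >= entropy_threshold:   # compressed or encrypted code
            notes.append(f"high-entropy section {name} ({entropy:.2f})")
    for dll, funcs in report["imports"].items():
        if funcs and all(f == "-" for f in funcs):
            notes.append(f"{dll} imported by ordinal only ({len(funcs)} entries)")
        hits = NOTABLE_APIS.intersection(funcs)
        if hits:
            notes.append(f"{dll}: {', '.join(sorted(hits))}")
    return notes


def matches_report(data, report):
    """True only if the local bytes hash to every value VT reported."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return all(report["hashes"].get(k) == v for k, v in digests.items())


if __name__ == "__main__":
    rep = parse_vt(VT_EXCERPT)
    for note in indicators(rep):
        print(note)
    # Constructed bytes stand in for the file on disk; the real check would
    # read C:\WINDOWS\system32\svcprs32.exe and compare.
    print("local copy matches report:", matches_report(b"constructed sample", rep))
```

If the local hash does not match, the 0/40 verdict belongs to some other file (a wrong upload, or a binary that rewrites itself), and the submission has to be repeated before any conclusion is drawn.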
-
Very good
-
I missed 1 entry.
Go to Start > Run, type in:
cmd
Click OK.
At the command prompt, type the following command:
sc stop "System Event Dispatcher"
Hit Enter.
Wait for the service to be stopped.
Type in:
sc delete "System Event Dispatcher"
Hit Enter.
Wait for confirmation.
Restart computer.
Post fresh HJT log.