Slow loading resume

**CTN** · 11-05-2010

Before I can completely clean up my computer, its loading had slowdown like before. Please help.

Thanks.

**broni** · 11-05-2010

Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***

STEP 1. Download Malwarebytes' Anti-Malware: Malwarebytes' Anti-Malware: Malwarebytes to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

RESTART COMPUTER

STEP 3. Download HijackThis:
HijackThis - Trend Micro USA
by clicking on Installer under Version 2.0.4
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**CTN** · 12-05-2010

Hi Broni,

Here are my computer information: Processor = Intel Pentium (R) 4 CPU 1.90 GHz
1.89GHz, 248MB of RAM
C drive = 19.5 GB , free space = 4.49 GB

**broni** · 12-05-2010

248MB of RAM

This is surely an issue. If this is XP, you'd like to have at least 512MB of RAM.

**CTN** · 12-05-2010

Hi Broni,

Here are my computer information:
Processor = Intel Pentium (R)4 CPU 1.90 GHz, 1.89 GHz, 248 MB of RAM
Drive C = 19.5 GHz, free space = 4.49 GB
Drive D = 17.7 GB, free space 7.3 GB

Attach are the scan results. Right now it takes more than 30 minutes to load.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4089

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/11/2010 12:49:15 PM
mbam-log-2010-05-11 (12-49-15).txt

Scan type: Quick scan
Objects scanned: 114912
Time elapsed: 20 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-12 12:50:13
Windows 5.1.2600 Service Pack 3
Running: e7c583ci.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwryipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF02486B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0248574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0248A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF024814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF024864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF024808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF02480F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF024876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF024872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF02488AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x09 0x15 0x41 0x91 ...

---- EOF - GMER 1.0.15 ----

**broni** · 13-05-2010

...and HJT log?

**CTN** · 13-05-2010

Hi,
Sorry about that. Here are all the 3 logs.

Thanks.

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:54 AM, on 5/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\HPLiteSaver.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: NetRadioMusic Toolbar - {fd39c410-4e3d-424b-aaba-d247004dae77} - C:\Program Files\NetRadioMusic\tbNetR.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: NetRadioMusic Toolbar - {fd39c410-4e3d-424b-aaba-d247004dae77} - C:\Program Files\NetRadioMusic\tbNetR.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: NetRadioMusic Toolbar - {fd39c410-4e3d-424b-aaba-d247004dae77} - C:\Program Files\NetRadioMusic\tbNetR.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmartCleaner] "C:\Program Files\Smart Cleaner\SmartCleaner.exe" /SCHEDULED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{02E111BF-52F6-4E80-BEC5-F0E4A8F34F82}: NameServer = 202.188.1.5 202.188.0.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A623516-009C-498F-BDDC-54D5FBAD42AF}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02E111BF-52F6-4E80-BEC5-F0E4A8F34F82}: NameServer = 202.188.1.5 202.188.0.133
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8759 bytes

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4089

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/11/2010 12:49:15 PM
mbam-log-2010-05-11 (12-49-15).txt

Scan type: Quick scan
Objects scanned: 114912
Time elapsed: 20 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-12 12:50:13
Windows 5.1.2600 Service Pack 3
Running: e7c583ci.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwryipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF02486B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0248574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0248A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF024814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF024864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF024808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF02480F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF024876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF024872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF02488AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x82 0x83 0xC4 0xB4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x09 0x15 0x41 0x91 ...

---- EOF - GMER 1.0.15 ----

**broni** · 13-05-2010

Your computer seems to be malware free.
As I said before, your main problem is low amount of RAM.
You need to install more RAM.

Meanwhile, we can try couple of things, but upgrading RAM is a must.

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

I also suggest, you uninstall Spybot, which slow most computer down, especially those with low amount of RAM.

I recommend, you unistall Adobe Acrobat Reader, which is a resource hog, and install FoxIt Reader: Download Foxit Reader 3.3.0.0430 - FileHippo.com, which is much smaller, and faster. It does very same thing.
Make sure, you run "custom" install, and opt out from installing any extra toolbars.

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SmartCleaner] "C:\Program Files\Smart Cleaner\SmartCleaner.exe" /SCHEDULED
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

5. Click on Fix checked button.

6. Restart computer.

**CTN** · 17-05-2010

Hi Broni,

I do not have the chance to add more RAM yet. So, meanwhile I did what you recommended and my computer now loads a lot faster.

Thank you very much for your help.

**broni** · 17-05-2010

I'm glad to hear better news

Good luck and stay safe

Slow loading resume

Slow loading resume

Similar Threads

Slow loading

slow loading pages please help

Slow loading(RESOLVED)

Slow loading

Slow loading web pages.