Author Topic: IE running really really slow.  (Read 9698 times)

Natureguy04

    Topic Starter


    Beginner

    IE running really really slow.
    « on: March 13, 2010, 11:28:57 PM »
    So my Internet Explorer has been running really slow. I did the virus adware things. Here are the logs

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/13/2010 at 09:03 PM

    Application Version : 4.34.1000

    Core Rules Database Version : 4453
    Trace Rules Database Version: 2275

    Scan type       : Complete Scan
    Total Scan Time : 02:24:49

    Memory items scanned      : 482
    Memory threats detected   : 0
    Registry items scanned    : 7427
    Registry threats detected : 0
    File items scanned        : 122973
    File threats detected     : 9

    Adware.Tracking Cookie
       C:\Documents and Settings\Devin Walker\Cookies\devin_walker@pointroll[2].txt
       C:\Documents and Settings\Devin Walker\Cookies\devin_walker@atdmt[2].txt
       C:\Documents and Settings\Devin Walker\Cookies\devin_walker@doubleclick[1].txt
       C:\Documents and Settings\Devin Walker\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@interclick[2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt


    Malwarebytes' Anti-Malware 1.43
    Database version: 3506
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/13/2010 11:17:41 PM
    mbam-log-2010-03-13 (23-17-41).txt

    Scan type: Quick Scan
    Objects scanned: 109824
    Time elapsed: 6 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:52 PM, on 3/13/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\(HJT)\sniper.exe.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

    --
    End of file - 7464 bytes


    I've been playing a social city on Facebook. That's when the problem started happening.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: IE running really really slow.
    « Reply #1 on: March 15, 2010, 01:36:18 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    ===========================
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ==============================
    I don't see anything in these logs that would cause your computer to be slow. Could your slowness on the internet be caused by your Internet Provider? Is your computer slow when not on the net? Check this link and see if any of it helps.

    Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Windows 8 and Windows 10 dual boot with two SSD's
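
Added example, not part of the original posts and not HijackThis's own code: a short Python parser for the HijackThis entry lines shown in this thread. It lists entries whose target is recorded as `(no file)` and checks which lines of a fix list still appear in a later log. The function names are hypothetical; the first two samples are copied from the thread, and the follow-up log is constructed.

```python
import re
from typing import List, NamedTuple, Optional

# An entry line is "<code> - <body>"; the code is one of the letters R, F, N, O
# followed by a number (R0, O2, O23, ...). Header, process and footer lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2"
    body: str             # text after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    no_file: bool         # target recorded as "(no file)"


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, ignoring everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            no_file=body.endswith("(no file)"),
        ))
    return entries


def normalise(e: Entry):
    # Compare case-insensitively and ignore spacing: CLSID and path case
    # can differ between two logs of the same machine.
    return (e.code, " ".join(e.body.split()).casefold())


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file that no longer exists on disk."""
    return [e for e in entries if e.no_file]


def still_present(fix_list_text: str, later_log_text: str) -> List[Entry]:
    """Fix-list entries that still show up in a later log."""
    later = {normalise(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in later]


# Lines copied from the first HijackThis log in this thread.
FIRST_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# The three entries listed for fixing in Reply #1.
FIX_LIST = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# CONSTRUCTED follow-up log (not from the thread): one O9 entry survived the
# fix and is written with different letter case.
FOLLOWUP_CONSTRUCTED = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
"""

if __name__ == "__main__":
    for e in orphaned(parse_entries(FIRST_LOG)):
        print("orphaned:", e.code, e.clsid)
    for e in still_present(FIX_LIST, FOLLOWUP_CONSTRUCTED):
        print("still present after fix:", e.code, "-", e.body)
```
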

    Natureguy04

      Re: IE running really really slow.
      « Reply #2 on: March 15, 2010, 09:23:32 PM »
      Thanks Dave.

      I did what you suggested. To answer your questions, I have Comcast and am told it's super high speed...bla bla bla. My computer is only slow on the net. I checked out that link and have done most of those things in the past few days. After doing the whole malware thing it seems to be running better.

      SuperDave

      Re: IE running really really slow.
      « Reply #3 on: March 16, 2010, 01:25:21 PM »
      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      link #2

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Natureguy04

        Re: IE running really really slow.
        « Reply #4 on: March 18, 2010, 09:26:10 PM »
        Here is the ComboFix Log

        ComboFix 10-03-18.01 - Devin Walker 03/18/2010  21:14:56.1.1 - x86
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1535.910 [GMT -6:00]
        Running from: c:\documents and settings\Devin Walker\Desktop\ComboFix.exe
        AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
        FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\Devin Walker\Application Data\inst.exe
        c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
        F:\Autorun.inf

        .
        (((((((((((((((((((((((((   Files Created from 2010-02-19 to 2010-03-19  )))))))))))))))))))))))))))))))
        .

        2010-03-18 01:05 . 2010-03-18 01:05   --------   d-----w-   c:\windows\Logs
        2010-03-18 00:28 . 2010-03-18 00:28   --------   d-----w-   c:\program files\2BrightSparks
        2010-03-18 00:26 . 2010-03-18 00:27   1877540   ----a-w-   c:\program files\SyncBack_Setup.zip
        2010-03-14 06:22 . 2010-03-14 06:22   503808   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\msvcp71.dll
        2010-03-14 06:22 . 2010-03-14 06:22   499712   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\jmc.dll
        2010-03-14 06:22 . 2010-03-14 06:22   348160   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\msvcr71.dll
        2010-03-14 06:22 . 2010-03-14 06:22   61440   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56b4bbb8-n\decora-sse.dll
        2010-03-14 06:22 . 2010-03-14 06:22   12800   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56b4bbb8-n\decora-d3d.dll
        2010-03-14 00:24 . 2010-03-14 00:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
        2010-03-14 00:24 . 2010-03-14 00:25   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\OnlineArmor
        2010-03-14 00:17 . 2009-12-05 14:28   24656   ----a-w-   c:\windows\system32\drivers\OAmon.sys
        2010-03-14 00:17 . 2009-12-05 14:27   29776   ----a-w-   c:\windows\system32\drivers\OAnet.sys
        2010-03-14 00:17 . 2009-12-05 14:27   223312   ----a-w-   c:\windows\system32\drivers\OADriver.sys
        2010-03-14 00:17 . 2010-03-14 00:17   --------   d-----w-   c:\program files\Tall Emu
        2010-03-10 02:31 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
        2010-03-06 05:30 . 2010-03-06 05:30   5582848   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Facebook\npfbplugin_1_0_3.dll

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-03-18 05:01 . 2008-09-05 05:57   288   ----a-w-   c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
        2010-03-18 05:01 . 2008-09-05 05:57   288   ----a-w-   c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
        2010-03-18 03:12 . 2009-10-31 06:39   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\vlc
        2010-03-15 05:16 . 2008-12-18 04:41   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\stickies
        2010-03-14 06:22 . 2008-10-09 01:06   --------   d-----w-   c:\program files\Java
        2010-03-14 06:01 . 2009-10-14 04:29   664   ----a-w-   c:\windows\system32\d3d9caps.dat
        2010-03-14 01:35 . 2010-01-07 01:07   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-03-06 23:58 . 2010-02-08 01:01   50354   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Facebook\uninstall.exe
        2010-03-06 23:58 . 2010-02-08 01:01   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\Facebook
        2010-03-06 23:41 . 2009-10-14 04:45   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\CameraWindowDC
        2010-02-16 03:44 . 2008-10-09 22:25   1   ----a-w-   c:\documents and settings\Devin Walker\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
        2010-02-16 03:44 . 2008-10-09 22:20   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\OpenOffice.org2
        2010-02-01 22:04 . 2010-02-01 22:04   847040   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Facebook\axfbootloader.dll
        2010-02-01 22:04 . 2010-02-01 22:04   5578752   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Facebook\npfbplugin_1_0_1.dll
        2010-01-22 00:04 . 2009-08-16 20:03   --------   d-----w-   c:\documents and settings\Devin Walker\Application Data\Move Networks
        2010-01-22 00:02 . 2009-08-16 20:04   144160   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Move Networks\uninstall.exe
        2010-01-22 00:02 . 2009-12-07 01:22   5603776   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Move Networks\plugins\npqmp071705000014.dll
        2010-01-22 00:02 . 2010-01-22 00:02   1795704   ----a-w-   c:\documents and settings\Devin Walker\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe
        2010-01-07 01:08 . 2010-01-07 01:08   52224   ----a-w-   c:\documents and settings\Devin Walker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-01-07 01:08 . 2010-01-07 01:08   117760   ----a-w-   c:\documents and settings\Devin Walker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2009-12-31 16:50 . 2003-03-31 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
        2009-12-30 21:55 . 2010-01-07 02:03   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-12-30 21:54 . 2010-01-07 02:03   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2009-12-30 21:23 . 2009-12-30 21:23   38380   ---ha-w-   c:\windows\system32\mlfcache.dat
        2009-12-21 19:14 . 2006-06-23 17:33   916480   ----a-w-   c:\windows\system32\wininet.dll
        2007-10-15 16:30 . 2007-10-15 16:30   148242   ----a-w-   c:\program files\Common Files\ReportPreview.app
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
        "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
        "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 21:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Devin Walker^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
        path=c:\documents and settings\Devin Walker\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
        backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^Devin Walker^Start Menu^Programs^Startup^Stickies.lnk]
        path=c:\documents and settings\Devin Walker\Start Menu\Programs\Startup\Stickies.lnk
        backup=c:\windows\pss\Stickies.lnkStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2009-02-27 23:10   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
        2008-04-14 00:12   15360   ------w-   c:\windows\system32\ctfmon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
        2003-06-09 02:07   28672   ----a-w-   c:\windows\system32\CTHELPER.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
        2003-12-22 14:38   241664   ----a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        2003-08-04 23:28   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
        2001-11-29 07:00   28672   ----a-w-   c:\program files\Creative\SBLive\Program\ADGJDet.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
        2008-11-06 04:59   4347120   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
        2003-09-24 19:32   5033984   ----a-r-   c:\windows\system32\nvcpl.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        2003-09-24 19:32   741376   ----a-r-   c:\windows\system32\nwiz.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2009-11-11 06:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
        2003-05-13 22:07   319488   ----a-w-   c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
        2003-05-22 06:20   868352   ----a-w-   c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
        2003-05-02 00:44   65536   ----a-w-   c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2008-06-10 11:27   144784   ----a-w-   c:\program files\Java\jre1.6.0_07\bin\jusched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
        2000-05-11 07:00   90112   ------w-   c:\windows\Updreg.EXE

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\WINDOWS\\system32\\mshta.exe"=
        "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "f:\\CreatePhotoCalendars\\EZPhotoCreations\\sources\\ezphotocreations.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/13/2010 6:17 PM 223312]
        R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/13/2010 6:17 PM 24656]
        R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/13/2010 6:17 PM 29776]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2009 10:42 PM 108289]
        R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 2:57 PM 6144]
        R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/13/2010 6:17 PM 1282248]
        R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/13/2010 6:17 PM 3291336]
        S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
        S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/17/2008 9:05 PM 16512]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
        .
        Contents of the 'Scheduled Tasks' folder

        2010-03-19 c:\windows\Tasks\avscan.job
        - c:\program files\Avira\AntiVir Desktop\avscan.exe [2009-12-05 18:26]

        2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{1CCBC0E5-7AEA-4105-9C1B-0C2B94766677}.job
        - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.espn.com/
        Trusted Zone: aol.com\free
        .
        .
        ------- File Associations -------
        .
        .scr=AutoCADScriptFile
        .
        - - - - ORPHANS REMOVED - - - -

        MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        AddRemove-HijackThis - c:\program files\Trend Micro\(HJT)\HijackThis.exe



        **************************************************************************

        disk not found C:\

        please note that you need administrator rights to perform deep scan
        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files:

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (LocalSystem)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,25,f7,ba,b6,f9,b6,43,86,70,b4,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,25,f7,ba,b6,f9,b6,43,86,70,b4,\

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
        "Version"=hex:33,2b,0a,ec,6c,ec,3b,33,c3,59,83,31,6a,aa,96,6c,78,20,ae,44,72,
           4f,6d,28,58,5a,57,c3,02,84,a6,f4,da,c1,8a,93,17,76,f4,76,53,30,4c,a0,91,2e,\

        [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
        "Version"=hex:33,2b,0a,ec,6c,ec,3b,33,c3,59,83,31,6a,aa,96,6c,78,20,ae,44,72,
           4f,6d,28,58,5a,57,c3,02,84,a6,f4,da,c1,8a,93,17,76,f4,76,53,30,4c,a0,91,2e,\
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(460)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\WININET.dll
        c:\windows\system32\CLBCATQ.DLL
        .
        Completion time: 2010-03-18  21:29:15
        ComboFix-quarantined-files.txt  2010-03-19 03:29

        Pre-Run: 193,721,155,584 bytes free
        Post-Run: 193,765,920,768 bytes free

        WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

        - - End Of File - - D47CE4FE6312E9BAE6DFF55E9F171DFD

        *******************************************
        *******************************************
         Here is the Hijack Log

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 9:32:19 PM, on 3/18/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Tall Emu\Online Armor\OAcat.exe
        C:\Program Files\Tall Emu\Online Armor\oasrv.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
        C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Tall Emu\Online Armor\oaui.exe
        C:\Program Files\AWS\WeatherBug\Weather.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\(HJT)\sniper.exe.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
        O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
        O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
        O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
        O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
        O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
        O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

        --
        End of file - 6740 bytes


        I just hope I'm doing this right.

        Thanks

        SuperDave

        • Malware Removal Specialist


        Re: IE running really really slow.
        « Reply #5 on: March 19, 2010, 07:52:55 AM »
        Quote
        I just hope I'm doing this right.
        Thanks. It was done correctly. I can't see anything in the logs that would cause a slowdown while surfing. Let's try one more scan.

        ESET Online Scan

        Scan your computer with the ESET FREE Online Virus Scan

        * Click the ESET Online Scanner button.

        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
        * Place a check mark next to YES, I accept the Terms of Use.

        * Click the Start button.
        * Accept any security warnings from your browser.
        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
        * Click the Start button.
        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
        * When the scan completes, click List of found threats.
        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
        * Click the Back button then click Finish.

        In your next reply please include the ESET Online Scan Log
        Windows 8 and Windows 10 dual boot with two SSD's

        Natureguy04


          Re: IE running really really slow.
          « Reply #6 on: March 22, 2010, 10:22:49 PM »
          So it found no threats and I couldn't find any log to post.

          SuperDave

          • Malware Removal Specialist


          Re: IE running really really slow.
          « Reply #7 on: March 23, 2010, 08:30:39 AM »
          Download GMER Rootkit Detector and save it to your desktop.
           
          * Extract it to your desktop and double-click GMER.exe
          * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
          * Click the Rootkit tab and then Scan.
          * Don't check the Show All box while scanning is in progress!
          * When scanning is finished click Copy.
          * This copies the log to clipboard
          * Post the log in your reply.
          Windows 8 and Windows 10 dual boot with two SSD's

          Natureguy04


            Re: IE running really really slow.
            « Reply #8 on: March 23, 2010, 09:28:47 PM »
            Okay here is the log. It took me 4 times to get this to work. It kept shutting down my computer.

            GMER 1.0.15.15281 - http://www.gmer.net
            Rootkit scan 2010-03-23 21:28:37
            Windows 5.1.2600 Service Pack 3
            Running: gmer.exe; Driver: C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\uwlyipob.sys


            ---- System - GMER 1.0.15 ----

            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwAllocateVirtualMemory [0xB83A5420]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwAssignProcessToJobObject [0xB83A5C60]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwConnectPort [0xB83A3A90]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwCreateFile [0xB83B2CB0]
            SSDT            BA9027AE                                                                                                               ZwCreateKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwCreatePort [0xB83A3740]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwCreateProcess [0xB83A0320]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwCreateProcessEx [0xB83A0710]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwCreateSection [0xB839FDE0]
            SSDT            BA9027A4                                                                                                               ZwCreateThread
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwDebugActiveProcess [0xB83A2900]
            SSDT            BA9027B3                                                                                                               ZwDeleteKey
            SSDT            BA9027BD                                                                                                               ZwDeleteValueKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwDuplicateObject [0xB83A3410]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwLoadDriver [0xB83A4B40]
            SSDT            BA9027C2                                                                                                               ZwLoadKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwOpenFile [0xB83B3420]
            SSDT            BA902790                                                                                                               ZwOpenProcess
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwOpenSection [0xB83A0080]
            SSDT            BA902795                                                                                                               ZwOpenThread
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwProtectVirtualMemory [0xB83A58A0]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwQueryDirectoryFile [0xB83A4FB0]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwQueueApcThread [0xB83A5E00]
            SSDT            BA9027CC                                                                                                               ZwReplaceKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwRequestWaitReplyPort [0xB83A4690]
            SSDT            BA9027C7                                                                                                               ZwRestoreKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwResumeThread [0xB83A3060]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSecureConnectPort [0xB83A3E80]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSetContextThread [0xB83A26E0]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSetSystemInformation [0xB83A2AA0]
            SSDT            BA9027B8                                                                                                               ZwSetValueKey
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwShutdownSystem [0xB83A4A10]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSuspendProcess [0xB83A3240]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSuspendThread [0xB83A2E60]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwSystemDebugControl [0xB83A2C90]
            SSDT            BA90279F                                                                                                               ZwTerminateProcess
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwTerminateThread [0xB83A24B0]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwUnloadDriver [0xB83A4D70]
            SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu)                                               ZwWriteVirtualMemory [0xB83A5A70]

            ---- Kernel code sections - GMER 1.0.15 ----

            .text           ntoskrnl.exe!_abnormal_termination + 104                                                                               804E2770 12 Bytes  [40, 37, 3A, B8, 20, 03, 3A, ...]
            .text           ntoskrnl.exe!_abnormal_termination + 440                                                                               804E2AAC 12 Bytes  [40, 32, 3A, B8, 60, 2E, 3A, ...]
            .text           C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                               section is writeable [0xBA798340, 0x1215FF, 0xF8000020]
            .text           C:\WINDOWS\System32\nv4_disp.dll                                                                                       section is writeable [0xBF9D6380, 0x2597B1, 0xF8000020]

            ---- User code sections - GMER 1.0.15 ----

            .text           C:\WINDOWS\system32\csrss.exe[432] KERNEL32.dll!FreeLibrary + 15                                                       7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\system32\winlogon.exe[456] kernel32.dll!FreeLibrary + 15                                                    7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\system32\services.exe[500] kernel32.dll!FreeLibrary + 15                                                    7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\system32\lsass.exe[512] kernel32.dll!FreeLibrary + 15                                                       7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!FreeLibrary + 15                                                     7C80AC93 4 Bytes  CALL 71AF003D
            .text           ...                                                                                                                   
            .text           C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1016] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00D70001
            .text           C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1016] user32.dll!LoadStringW                                          7E419E36 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1016] user32.dll!LoadStringA                                          7E42C908 6 Bytes  JMP 5F040F5A
            .text           C:\WINDOWS\system32\spoolsv.exe[1156] kernel32.dll!FreeLibrary + 15                                                    7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!FreeLibrary + 15                                                    7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1300] kernel32.dll!FreeLibrary + 15                                 7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\WINDOWS\System32\CTsvcCDA.exe[1312] kernel32.dll!FreeLibrary + 15                                                   7C80AC93 4 Bytes  CALL 71AF003D
            .text           C:\Program Files\Java\jre6\bin\jqs.exe[1348] kernel32.dll!FreeLibrary + 15                                             7C80AC93 4 Bytes  CALL 71AF003D
            .text           ...                                                                                                                   
            .text           C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!LoadLibraryExW + C4                                                         7C801BB9 4 Bytes  CALL 00BA0001
            .text           C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateProcessW                                                              7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateProcessA                                                              7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!FreeLibrary + 15                                                            7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\WINDOWS\Explorer.EXE[2204] USER32.dll!ExitWindowsEx                                                                 7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\WINDOWS\Explorer.EXE[2204] iphlpapi.dll!IcmpSendEcho2                                                               76D6B73C 6 Bytes  JMP 5F100F5A
            .text           C:\WINDOWS\System32\alg.exe[2560] kernel32.dll!FreeLibrary + 15                                                        7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\iPod\bin\iPodService.exe[2652] kernel32.dll!FreeLibrary + 15                                          7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3076] kernel32.dll!LoadLibraryExW + C4                          7C801BB9 4 Bytes  CALL 00C10001
            .text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3076] kernel32.dll!CreateProcessW                               7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3076] kernel32.dll!CreateProcessA                               7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3076] kernel32.dll!FreeLibrary + 15                             7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3076] USER32.dll!ExitWindowsEx                                  7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00DD0001
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] kernel32.dll!CreateProcessW                                     7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] kernel32.dll!CreateProcessA                                     7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] kernel32.dll!FreeLibrary + 15                                   7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] USER32.dll!ExitWindowsEx                                        7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] ole32.dll!CoCreateInstanceEx                                    77500526 6 Bytes  JMP 5F130F5A
            .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3200] ole32.dll!CoCreateInstance                                      7750057E 6 Bytes  JMP 5F100F5A
            .text           C:\WINDOWS\system32\notepad.exe[3284] kernel32.dll!LoadLibraryExW + C4                                                 7C801BB9 4 Bytes  CALL 00C00001
            .text           C:\WINDOWS\system32\notepad.exe[3284] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\WINDOWS\system32\notepad.exe[3284] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\WINDOWS\system32\notepad.exe[3284] kernel32.dll!FreeLibrary + 15                                                    7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\WINDOWS\system32\notepad.exe[3284] USER32.dll!ExitWindowsEx                                                         7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] kernel32.dll!LoadLibraryExW + C4                      7C801BB9 4 Bytes  CALL 00E70001
            .text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] kernel32.dll!CreateProcessW                           7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] kernel32.dll!CreateProcessA                           7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] kernel32.dll!FreeLibrary + 15                         7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] USER32.dll!ExitWindowsEx                              7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] kernel32.dll!LoadLibraryExW + C4  7C801BB9 4 Bytes  CALL 00CB0001
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] kernel32.dll!CreateProcessW       7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] kernel32.dll!CreateProcessA       7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] kernel32.dll!FreeLibrary + 15     7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] user32.dll!ExitWindowsEx          7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] ole32.dll!CoCreateInstanceEx      77500526 6 Bytes  JMP 5F130F5A
            .text           C:\DOCUME~1\DEVINW~1\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3424] ole32.dll!CoCreateInstance        7750057E 6 Bytes  JMP 5F100F5A
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 00C20001
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] kernel32.dll!CreateProcessW                                             7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] kernel32.dll!CreateProcessA                                             7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] kernel32.dll!FreeLibrary + 15                                           7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] USER32.dll!ExitWindowsEx                                                7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\iTunes\iTunesHelper.exe[3500] iphlpapi.dll!IcmpSendEcho2                                              76D6B73C 6 Bytes  JMP 5F100F5A
            .text           C:\Program Files\Tall Emu\Online Armor\oaui.exe[3564] kernel32.dll!LoadLibraryExW + C4                                 7C801BB9 4 Bytes  CALL 015F0001
            .text           C:\Program Files\Tall Emu\Online Armor\oaui.exe[3564] kernel32.dll!FreeLibrary + 15                                    7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Tall Emu\Online Armor\oaui.exe[3564] user32.dll!LoadStringW                                           7E419E36 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Tall Emu\Online Armor\oaui.exe[3564] user32.dll!LoadStringA                                           7E42C908 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] kernel32.dll!LoadLibraryExW + C4                                     7C801BB9 4 Bytes  CALL 01940001
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] kernel32.dll!CreateProcessW                                          7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] kernel32.dll!CreateProcessA                                          7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] kernel32.dll!FreeLibrary + 15                                        7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] USER32.dll!ExitWindowsEx                                             7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\AWS\WeatherBug\Weather.exe[3684] iphlpapi.dll!IcmpSendEcho2                                           76D6B73C 6 Bytes  JMP 5F100F5A
            .text           C:\WINDOWS\system32\ctfmon.exe[3724] kernel32.dll!LoadLibraryExW + C4                                                  7C801BB9 4 Bytes  CALL 00C10001
            .text           C:\WINDOWS\system32\ctfmon.exe[3724] kernel32.dll!CreateProcessW                                                       7C802336 6 Bytes  JMP 5F0A0F5A
            .text           C:\WINDOWS\system32\ctfmon.exe[3724] kernel32.dll!CreateProcessA                                                       7C80236B 6 Bytes  JMP 5F040F5A
            .text           C:\WINDOWS\system32\ctfmon.exe[3724] kernel32.dll!FreeLibrary + 15                                                     7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\WINDOWS\system32\ctfmon.exe[3724] USER32.dll!ExitWindowsEx                                                          7E45A275 6 Bytes  JMP 5F0D0F5A
            .text           C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3992] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 01280001
            .text           C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3992] kernel32.dll!FreeLibrary + 15                                   7C80AC93 4 Bytes  CALL 71B0003D
            .text           C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3992] user32.dll!LoadStringW                                          7E419E36 6 Bytes  JMP 5F0A0F5A
            .text           C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3992] user32.dll!LoadStringA                                          7E42C908 6 Bytes  JMP 5F040F5A

            ---- Kernel IAT/EAT - GMER 1.0.15 ----

            IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                      [F76FA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                       [F76FA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                  [F76FA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                               [F76FA650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                 [F76FA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                      [F76FA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                     [F76FA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                [F76FA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                              [F76FA650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                    [F76FA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
            IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                     [F76FA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

            ---- Devices - GMER 1.0.15 ----

            Device          \Driver\Tcpip \Device\Ip                                                                                               OAmon.sys (TDI Helper Driver/Tall Emu)
            Device          \Driver\Tcpip \Device\Tcp                                                                                              OAmon.sys (TDI Helper Driver/Tall Emu)
            Device          \Driver\Tcpip \Device\Udp                                                                                              OAmon.sys (TDI Helper Driver/Tall Emu)
            Device          \Driver\Tcpip \Device\RawIp                                                                                            OAmon.sys (TDI Helper Driver/Tall Emu)
            Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                      OAmon.sys (TDI Helper Driver/Tall Emu)

            AttachedDevice  \FileSystem\Fastfat \Fat                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

            ---- Registry - GMER 1.0.15 ----

            Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                             
            Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                     0x33 0x2B 0x0A 0xEC ...

            ---- EOF - GMER 1.0.15 ----

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: IE running really really slow.
            « Reply #9 on: March 24, 2010, 07:18:58 PM »
            Again, I can't find anything that would slow your computer while on the internet. Perhaps you could try a new thread in this forum. Mention that you've already been checked for malware. Let's do some clean-up. You can uninstall HJT and delete ESET and GMER.exe. You may keep SAS and MBAM if you wish. Update them and run them regularly.


            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
            ===========================
            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
            ================================

            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing! ;D
            Windows 8 and Windows 10 dual boot with two SSD's