Computer Juice > Computer Software > Virus, Spyware & Security
#1 - Warrenisit - 17th Jan 2008, 10:36 AM
slow connection

Hey again,

My comp is having some major issues and I'm wondering if you all can help me out again. Here's the log file. Once again I appreciate all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:24 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 3709 bytes
#2 - Warrenisit - 17th Jan 2008, 07:09 PM

Could someone please help me? I'm pretty sure this isn't a virus. When my comp starts the internet works fine for less than a minute, then it takes between 20 and 50 seconds to load each page.
#3 - evilfantasy (Moderator) - 17th Jan 2008, 07:17 PM

Moved to Virus, Spyware & Security.

I would have caught it much sooner if it had been in here.

Checking it out now.
#4 - Warrenisit - 17th Jan 2008, 07:28 PM

Damn it... Thanks man... It takes about a minute or two to load and reload this page so I'll try to keep up.
#5 - evilfantasy (Moderator) - 17th Jan 2008, 07:33 PM

You have Nod32 but it is turned off - Why?


Open HijackThis and select Do a system scan only then place a check mark next to:

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll

Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.


Please download Combofix by sUBs from one of the below links.
(Try all three if necessary.) IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc)
  • Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


----------

Next post please add
Combofix log
#6 - Warrenisit - 17th Jan 2008, 07:57 PM

ComboFix 08-01-18.4 - Owner 2008-01-17 21:48:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.614 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\foxflpd.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-17 21:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 17:45 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-01-13 17:45 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-13 17:45 . 2004-08-03 22:29 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-01-13 17:45 . 2004-08-03 22:29 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-01-13 12:29 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-13 12:10 . 2008-01-13 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-13 01:56 . 2008-01-13 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-01-12 13:19 . 2008-01-12 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 10:43 . 2008-01-12 10:43 <DIR> d-------- C:\Program Files\uTorrent
2008-01-12 10:01 . 2008-01-12 10:02 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-10 21:32 . 2008-01-10 21:32 <DIR> d-------- C:\Deckard
2008-01-10 19:04 . 2008-01-10 19:04 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-01-10 18:47 . 2008-01-10 18:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-09 20:23 . 2008-01-09 20:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
2008-01-09 20:20 . 2008-01-04 14:13 218,520 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-01-09 20:20 . 2008-01-04 14:13 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-01-09 20:20 . 2008-01-04 14:13 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-01-09 20:18 . 2007-12-20 11:24 52,032 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-09 20:18 . 2007-12-20 11:24 41,792 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-09 20:18 . 2007-12-20 11:13 33,600 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-09 20:18 . 2007-12-20 11:13 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-09 20:17 . 2008-01-09 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-09 19:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 19:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 19:34 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-09 19:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 19:34 . 2008-01-10 12:51 728 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-08 04:32 . 2008-01-17 20:56 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-07 21:54 . 2008-01-07 21:54 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-07 21:34 . 2008-01-07 21:34 87,952 --------- C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-01-07 21:24 . 2008-01-08 15:05 54,764 --a------ C:\WINDOWS\system32\mp32s.sys
2008-01-07 21:15 . 2008-01-16 18:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-07 20:06 . 2008-01-07 20:06 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-07 19:39 . 2008-01-07 20:52 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-06 11:20 . 2008-01-06 11:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-01-06 11:18 . 2008-01-06 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-06 11:13 . 2008-01-06 11:13 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-01-06 11:13 . 2008-01-06 11:13 <DIR> d-------- C:\WINDOWS\Profiles
2008-01-06 11:13 . 2008-01-06 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 11:13 . 2008-01-06 11:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InterTrust
2008-01-06 11:13 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-06 11:12 . 2008-01-06 11:12 <DIR> d-------- C:\WINDOWS\InCD
2008-01-06 11:12 . 2008-01-06 11:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-06 11:12 . 2008-01-06 11:12 <DIR> d-------- C:\Program Files\Ahead
2008-01-06 11:12 . 2005-07-12 10:06 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2008-01-06 11:12 . 2005-07-08 16:17 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-01-06 11:12 . 2005-12-28 01:33 59,041 --------- C:\WINDOWS\NuNinst.cfg
2008-01-06 11:12 . 2005-07-08 16:17 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-01-06 11:12 . 2005-07-08 08:17 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2008-01-06 11:12 . 2005-07-08 16:17 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-01-06 11:11 . 2008-01-06 11:44 <DIR> d-------- C:\Program Files\CyberLink
2008-01-06 11:10 . 2008-01-06 11:12 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d-------- C:\MyWorks
2008-01-06 11:10 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-01-02 09:01 . 2008-01-02 09:01 <DIR> d-------- C:\Program Files\VSO
2008-01-02 09:01 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-01-02 09:01 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-01-02 09:01 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 01:44 . 2008-01-02 01:44 <DIR> d-------- C:\Program Files\Java
2008-01-02 01:44 . 2008-01-02 01:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 01:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-01 10:13 . 2008-01-16 17:52 <DIR> d-------- C:\Documents and Settings\Owner\.dvdcss
2007-12-31 23:31 . 2007-12-31 23:31 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-31 23:31 . 2007-12-31 23:31 <DIR> d-------- C:\KPCMS
2007-12-29 23:12 . 2008-01-08 19:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-29 21:22 . 2007-12-29 21:22 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-29 21:21 . 2007-12-29 21:22 <DIR> d-------- C:\Program Files\Real
2007-12-29 21:21 . 2007-12-29 21:22 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-29 18:59 . 2007-12-29 19:00 <DIR> d-------- C:\Program Files\CCleaner
2007-12-29 05:25 . 2007-12-29 05:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-12-29 05:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-12-29 05:24 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-29 05:12 . 2007-12-29 05:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 05:06 . 2007-12-29 05:30 <DIR> d-------- C:\WINDOWS\Pixart
2007-12-29 05:06 . 2007-12-29 05:06 <DIR> d-------- C:\Program Files\CIF USB Camera
2007-12-29 05:06 . 2006-11-10 13:51 505,984 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2007-12-29 05:06 . 2006-10-12 18:10 119,296 --a------ C:\WINDOWS\system32\SP207.AX
2007-12-29 05:06 . 2006-11-08 09:54 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2007-12-29 05:06 . 2006-11-14 14:47 518 --a------ C:\WINDOWS\system32\SP207.INI
2007-12-29 04:48 . 2007-12-29 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 04:47 . 2008-01-13 12:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-22 22:49 . 2008-01-17 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-22 22:07 . 2008-01-17 21:08 <DIR> d-------- C:\Program Files\Microsoft Small Business
2007-12-22 22:05 . 2007-12-23 05:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-22 22:03 . 2007-12-23 05:13 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-22 21:44 . 2007-12-22 21:44 <DIR> d-------- C:\Program Files\Uniblue
2007-12-22 21:44 . 2007-12-22 21:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-21 01:21 . 2008-01-13 13:42 <DIR> d-------- C:\Program Files\MediaCoder
2007-12-21 01:06 . 2007-12-21 01:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-20 20:09 . 2007-12-29 23:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-20 20:08 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-20 20:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-20 20:08 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-20 20:08 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-20 12:34 . 2008-01-13 11:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 20:37 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-19 19:54 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 21:21 185896]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-01-04 14:13]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 05:43]
S3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S4 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:49:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:49:37
ComboFix-quarantined-files.txt 2008-01-18 03:49:29
.
2008-01-17 00:46:59 --- E O F ---
#7 - evilfantasy (Moderator) - 17th Jan 2008, 08:11 PM

Check out this tutorial to install the recovery console.

---------------

Your Java is out of date leaving your system vulnerable.
Older versions of Java have vulnerabilities that malware can use to infect your system.

Step 1

Go to http://java.sun.com/javase/downloads/index.jsp
On the Sun Java page scroll to the 4th download.
Java Runtime Environment (JRE) 6 Update 4
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click to install the new version.

Step 2

Go to Start > Control Panel > Add/Remove programs
Uninstall all older versions of Java.
Remove any item with Java Runtime Environment (JRE or J2SE) in the name. Do not remove Java 6 Update 4.
Restart your computer once all Java components are removed.
Double click My Computer on the desktop and locate this folder: C:\Program Files\Java
Open the Java folder and delete any subfolders except the jre1.6.0_04 folder which was just created by the newest Java installation.

----------------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.

--------------

Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply

---------------

Next post
Dr Web log
#8 - evilfantasy (Moderator) - 17th Jan 2008, 08:16 PM

Restart the computer after running ATF-Cleaner.
#9 - Warrenisit - 20th Jan 2008, 07:11 PM

Hey evilfantasy. I did all that you said and the DrWeb CureIt found three or four things. It cured them and all, but I didn't save that log, and when I went to find it, it had been written over clean so there's nothing to post from it. I have another continuing problem though. Not sure if this post belongs here or not. When in WMP and wanting to look through my videos, as soon as I click on videos WMP freezes up and has to close. Same type of thing has happened to me before.
#10 - evilfantasy (Moderator) - 21st Jan 2008, 08:41 AM

Let's have a look at another HijackThis log.
#11 - Warrenisit - 21st Jan 2008, 09:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:13 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)

--
End of file - 3668 bytes
#12 - evilfantasy (Moderator) - 21st Jan 2008, 09:20 AM

I don't think it is malware related, but there is one entry in the log that keeps coming back. We can manually delete it though.


Go to My Computer->Tools->Folder Options->View tab:
  • Under the Hidden files and folders heading:
  • Select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK

----------

Open My Computer from the Desktop to locate and delete this folder and file.

C:\Program Files\Helper\superfindout.dll

----------

Time to do some cleanup and secure the work you have done.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
#13 - Warrenisit - 21st Jan 2008, 12:54 PM
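The check the moderator does by eye above (an entry ComboFix deleted that is back in the next HijackThis log, plus services whose file is missing) can be automated. This is an added example, not code from this thread, from HijackThis or from ComboFix; it parses the O2/O4/O23 line shapes seen in the logs, and the sample logs inside are constructed to mirror this thread.

```python
# Added example: not code from this thread, from HijackThis or from ComboFix.
# It automates the comparison the moderator does by eye on the logs above.
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.*)$")  # "O2 - ..."
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Entry:
    section: str        # HijackThis section, e.g. "O2" (BHO) or "O23" (service)
    label: str          # text HijackThis prints before the CLSID / company
    path: str           # file the entry loads, "" when the line carries none
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_entry(line):
    """Parse one HijackThis entry line; None for headers, processes, blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    if section == "O4":  # O4 - HKLM\..\Run: [name] "C:\path\prog.exe" args
        name = re.search(r"\[(.*?)\]", rest)
        cmd = rest.split("] ", 1)[1] if "] " in rest else ""
        path = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
        return Entry(section, name.group(1) if name else rest, path, missing)
    parts = rest.split(" - ")  # "<label> - {CLSID} or <company> - <path>"
    path = parts[-1] if len(parts) > 1 and DRIVE_RE.match(parts[-1]) else ""
    return Entry(section, parts[0], path, missing)


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def missing_files(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.file_missing]


def combofix_deletions(text):
    """Paths under ComboFix's 'Other Deletions' banner; lone '.' lines delimit it."""
    paths, inside = [], False
    for raw in text.splitlines():
        s = raw.strip()
        if "Other Deletions" in s:
            inside = True
        elif inside and s == "." and paths:
            break
        elif inside and s and s != ".":
            paths.append(s)
    return paths


def reappeared(deleted_paths, after_entries):
    """Later-log entries loading a file ComboFix already deleted: the 'keeps
    coming back' case, meaning something re-creates the file or the entry."""
    deleted = {p.lower() for p in deleted_paths}
    return [e for e in after_entries if e.path.lower() in deleted]


def diff_logs(before, after):
    """(added, removed) entries between two logs, keyed on section, label, path."""
    def key(e):
        return (e.section, e.label, e.path.lower())
    b, a = {key(e): e for e in before}, {key(e): e for e in after}
    return [a[k] for k in a.keys() - b.keys()], [b[k] for k in b.keys() - a.keys()]


# Constructed sample logs, modelled on the HijackThis and ComboFix logs in this thread.
BEFORE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
"""
COMBOFIX_LOG = r"""
(((((((((( Other Deletions ))))))))))
.
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\foxflpd.exe
.
"""
AFTER_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("file missing:", [e.label for e in missing_files(before)])
    back = reappeared(combofix_deletions(COMBOFIX_LOG), after)
    print("back after ComboFix:", [(e.section, e.path) for e in back])
    added, removed = diff_logs(before, after)
    print("added:", [e.label for e in added], "removed:", [e.label for e in removed])
```

An entry that returns after ComboFix deleted its file, as the e404 helper does here, points at whatever is re-creating it rather than at the file itself, which is why a second log is worth asking for before declaring a machine clean.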

Hey man, I got rid of that folder and did the rest of what you said but wmp still freezes when I try to view the list of videos in it.
#14 - evilfantasy (Moderator) - 21st Jan 2008, 12:59 PM

Have you tried reinstalling WMP?