I need Help. My Windows Media Player and computer is running Extremely Slow!

Welcome to MGs!

First please disable Spybot's Teatimer function as requested in the READ ME. It can be a big resource hog and frequently makes it difficult to remove malware issues.

Since you are indicating you are having performance problems, you should consider uninstalling BigFix which is a notorious resource hog. Do you really think you will need or use this. If so, you should at a minimum stop it from loading at startup and run it only when needed.

You must go back to step 7 of the READ ME and install HijackThis properly. You have it where we request it not be installed:
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

Do you use the below:
C:\Program Files\PromptCast\PromptCast.exe

I'm starting to look thru your logs now.

 

Another question. Do you really need/use the below:
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [ESPN360] C:\Program Files\ESPN360\bin\espn360.exe -nogui

Comment:
You should only load Limewire when you want to use it (not recommended to use anyway) instead of always loading it at startup.


Okay! Let's fix some obvious problems!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {136883CB-C223-44E2-9AD1-83F0CF8B6371} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {2B884FD8-3522-4DAE-B996-FC05C10C916E} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: SDWin32 Class - {48D4B5AF-0684-4687-BE35-C9DF2188036D} - C:\WINDOWS\system32\figdv.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {5D59B7AE-5824-468F-A83F-A2BC0AEEE3D4} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {5E9CA88A-51C6-4811-904F-5F51CAC91972} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {6A0E9F94-B85C-45BE-92FB-9131A21A2F38} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {A06C6DED-9325-4781-AC07-BEA9BA16E421} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {A9D61A55-B0F9-4D28-9613-6E884FCA6B9B} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {B27087D4-B3AE-417C-9702-5AEDD35C598D} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {C3AFD202-B190-4D40-99FC-4ABD8524B320} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {CCC2FC07-2794-4B96-A041-33275B910F61} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {D07A2D77-EB4C-43C1-BD07-065968388CF8} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O2 - BHO: (no name) - {EE81BF3E-6B3B-49D5-9682-389D24C8D2B7} - C:\Program Files\c5fu22kb\c5fu22kb.dll
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MBw8Ric6P] csrfnet.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\c5fu22kb <--- the whole folder
C:\Program Files\PartyGaming <--- the whole folder
C:\Program Files\AWS <--- the whole folder
C:\Program Files\hpdll <--- the whole folder
C:\WINDOWS\system32\figdv.dll
C:\WINDOWS\system32\ossproxy.exe
C:\WINDOWS\system32\csrfnet.exe
C:\WINDOWS\SysCheckBop32.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Is PromptCase in Add/Remove programs? If so uninstall it if you do not use it. Otherwise we will have to do it manually.

You log looks good now but you can also fix the below since you really do not need to load it at startup.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

I no longer see Limewire. Did you uninstall it?

How is everything working now?

 

That one I cannot answer. Try the Software Forum. And I don't know how much disk space you have anyway.

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link (you definitely still need some of this especially the firewall):

How to Protect yourself from malware!

 

You're welcome. Surf safely!