Driver conflict or malware?

Welcome to Major Geeks!

Since CounterSpy did not work, please uninstall it now before continuing.

I assume you were attempting to work thru the READ & RUN ME. You need to follow the instructions and attach the logs that were requested. You did not attach the logs from GetRunKey and ShowNew and you did not follow the instructions for installing and renaming HijackThis as required. Please attach the below logs:

• GetRunKey
• ShowNew
• HijackThis - from a new scan after properly installing

Note as you are suspecting, your problems may not be malware.

 

Your problems are not related to malware. I will give a few suggestions at the end of this message but first let's take care of some miscellaneous non-malware things.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)

After clicking Fix, exit HJT.


As far as your performance issues go! You have the below installed and I have seen i slow down some users and it may have something to do with your connection issues. You could try uninstalling it and see what happens.
Arovax AntiSpyware 2.0.65
Arovax Shield 2.0.75

However the bigger problem is that since you have the above installed, you should not be using Windows Defender so I suggest that you uninstall it. Also the active shield for AVG Antispyware may be adding to excess system resource usage but this should not be an issue when the 15 day trial period expires because then AVG Antispyware will become only a scanner.

 

This still may not be malware but let's dig a little deeper. Please follow the instructions in the below link and then attach the requested log:

Running GMER to detect rootkits


What browser are you using when it freezes up? I assume Internet Explorer? Have you tried other browsers? You should install the below and see how it runs:

Mozilla FireFox


Also please attach new logs from

• ShowNew
• HijackThis

 

All logs are clean!

But the point was to try FireFox. There should be no reason why FireFox would cause you any problems. Your problems are not due to malware. So all I can suggest at this point is to try another browser or check to see if any of the software you are running is causing you problems. This however is not a topic for the malware forum.

DO you have something inserted in your USB port.


You did not run HijackThis properly! Delete the below two copies of HijackThis:
C:\Documents and Settings\Owner.YOUR-A5B562BA72\Desktop\HijackThis.exe
C:\Program Files\analyse.exe

And from now on if a log is requested, only run this copy:
C:\Program Files\HijackThis\analyse.exe

 

GMER should not be affecting spoolsv.exe. GMER is not really an installed program in the truest sense. It is just something you run when desired to do a scan for rootkits. To remove it, open Windows Explorer and locat this file C:\WINDOWS\gmer_uninstall.cmd and double click on it to run it. After that, if you see anything else from GMER hanging around you can delete them (like the folder on your Desktop and also any of the below files:

• C:\WINDOWS\gmer.dll
• C:\WINDOWS\gmer.exe
• C:\WINDOWS\gmer.ini
• C:\WINDOWS\gmer_uninstall.cmd
• C:\WINDOWS\system32\drivers\gmer.sys

 

The spoolsv.exe file does not run from where you stated. It runs from here C:\WINDOWS\system32\spoolsv.exe and you can see this in the previous HijackThis log that you posted. Why do you think it is running from the folder you listed? Are you seeing this in a running process list. The KB896423 folder name references a Microsoft Knowledge base article relate to a Windows XP security patch on the vulnerability in Print Spooler service. ( See: http://support.microsoft.com/kb/896423 ) This you will see the spoolsv.exe file in this folder but this is not where it should be running from. This is the folder that the Windows Update would install into. Sounds like you may be having a Windows Update issue and not an issue related to having run GMER.

Attach a new HijackThis log that is obtained while you are experiencing the problem.

 

This HijackThis log only show C:\WINDOWS\system32\spoolsv.exe running. Not the one you mentioned. Did you get this HijackThis log while your problem with CPU usage was occurring as I requested?

No it is not normal for your system to say connected periodically. Perhaps you have hardware issues with your connection that you need to check out in the Hardware or Networking forum. That may also be a good place for you to ask for help with your printers not showing up. Maybe you just need to add the printers back in.

 

You're welcome. You should now work thru the below:

1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
2. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!