Not finding much Spyware but still computer slow down...

Please read the announcement and sticky threads. Do not post HJT logs unless they are requested.

Download and install Microsoft® Windows AntiSpyware and make sure you get the updates but do not run a scan yet.

Now reboot into safe mode with no network support, make sure you have no browsers opened and then run a full scan with MS Antispyware and let it fix what it finds.

Now reboot into normal mode and let me know if it found anything and if you are still having problems.

Also post your Spybot log if it still detects anything.

 

Did you download it from the link I provided? Try the below in normal boot mode.

Click Start, Run, and enter the following C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe -Embedding and then click OK!

Let me know if that works. If not, see the below link and try what it recommends:

http://castlecops.com/t120958-NEW_ERROR_101_FIX_that_works_for_Giant_and_MS_AS_5_15_2005.html-

 

Sure! Post the MS AS log.

Do you still see the below Kerio process loading and running twice in you HJT log.

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

 

You need to figure out how it is loading the process multiple times. Killing it now will only fix it during this session. It will just do it again on your next reboot. Running it twice can be a big waste of system resources, I'm not sure why the program even allows it.

 

Looks like MS AS fixed everything it found. Are you having any particular problems at this time?

 

Task Manager and HJT's process list show what is currently running.

The other lines in HJT show certain registry locations that are used for a variety of reasons. They do not show all possible ways that a program could be loading. You could look at a StartupListLog from HJT to see if anything else can be seen.

Generate a StartupList log using HijackThis.
Run HJT and on the first screen, click the button that says "Open the Misc Tools section". In the next window first select "List also minor sections (full)" and then click the button that says "Generate StartupList log". CLick Yes to the Do you want to continue prompt. Now a notepad window will come up with the Startuplist.txt file. It is already saved in the the directory HJT is running from. So just come back here and upload the file as an attachment to your next message.

 

Well it appears twice but that is still just in the process list like the HJT log showed.

I checked around a little and it looks like this may be standard operating procedure for Kerio. I don't know why but every log I found with Kerio installed shows this file running twice. So for now I would just ignore it as it is probably normal.

Are you having any other problems?

 

It does not appear to be related to any visible malware problem. You could try stopping the some processes (only temporary until next reboot) like your firewall and see if it changes anything.

You can try running MS antispyware again to make sure it really fixed everything reported last time. Other than that I would say you should run through the full cleaning process jsut to make sure. Here is the procedure:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).