Programs Lagging!

Welcome to Majorgeeks!

You should not have touch System Restore yet!

Please attach your Bitdefender, Panda, and HijackThis (see step 7 of the READ ME) logs.

 

Please install HijackThis properly as requested in step 7. Right now you are running it exactly how we specify not to run it (directly from the ZIP file using IZarc)

Did you configure the below Proxy settings for something?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost


Before I go any further, I need another log. You appear to have a bunch of things installed that may need to be removed.

Let's get an installed programs list from HijackThis

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

What antivirus program do you actually use? I see signs of 6 different antivirus applications!

 

Please do not put your logs in ZIP files. Just attach the logs directly. There should be no reason why you cannot do that.

You did not answer my question:

You may have uninstalled all the other antivirus programs but they did not uninstall completely. This happens very often and typically it occus when more than one is installed at the same time. You have a load of there processes still trying to load. I'll them to the list of malware items to fix in my next message.

 

Can you tell me what the below process is? This is not a place where an executable program should normally run from:
C:\Program Files\Common Files\License.exe


If you do not have any other software from Symantec installed, you should uninstall the below:
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
C:\Program Files\Common Files\License.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [xeh] C:\WINDOWS\xeh.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O20 - AppInit_DLLs: pushow50.dll <--- you may get an error message about this one from HijackThis. Just ignore it and continue.

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
c:\Program Files\Common Files\Symantec Shared <--- the whole folder
C:\Program Files\AntiVir PersonalEdition Classic <--- the whole folder
C:\Program Files\Alwil Software <--- the whole folder
C:\Program Files\Grisoft <--- the whole folder
C:\Program Files\MediaGateway <--- the whole folder
c:\Program Files\NORTON~1 <--- the whole folder
C:\Program Files\Trend Micro <--- the whole folder
C:\Program Files\VVSN <--- the whole folder
C:\Program Files\winupdates <--- the whole folder
c:\program files\zango <--- the whole folder
C:\WINDOWS\xeh.exe
C:\WINDOWS\system32\Israfel.vbs
C:\WINDOWS\system32\pushow50.dll

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Please read and respond to message # 7!

Then answer the 3 questions (one about Symantec was not worded like a question) in message #8 too. You must answer questions!

 

When you answer all of my questions we can continue.

I have asked question in message number 5, 7, 8, 10 which were never answered. And now I'm still asking for answers.

 

If you don't need it or want it, uninstall it.

You're previous uninstall list showed the two items below from Symantec. Did you uninstall them? Uninstall does not mean "erase folders" or "delete". Uninstall and "erase or delete" are two different things.LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)

Just one remains from message number 8.

 

Is the below still running?
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

If so fix the below line with HJT:
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe


Your problems are not due to malware and are more than likely due to the amount of software your are running and your PC speed and amount of RAM? Also when you use real player, windows media player, nero dvd player, do you have AOL stuff running! Shut it down and see what happens. In fact don't load it at startup and see what happens (or are you having problems only when using those applications on line).


Do you really need Yahoo Toolbar and Yahoo Messenger?
What about the AOL Toolbar?


You can also free up system resource by having HijackThis fix the below unnecessary processes:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background