Slow running/bad registry?/too many processes??

Discussion in 'Malware Help (A Specialist Will Reply)' started by rorschach1791, Jun 21, 2005.

  1. rorschach1791

    rorschach1791 Private E-2

    Hello,

    First time user of Hijack - have read the please read before posting and instructions to enable everything on msconfig.

    I have in the past run Ad-Aware and Spybot as well as AVG with restore disabled. Still getting very slow performance, multiple infections from downloader dluca J, now computer crashing and resulting in sysdata.xml dump (which I think may be overheating or RAM probs).

    Anyway - this is a family PC and before I was a regular user there were multiple progs installed and not deleted properly, no firewall protection and no anti spyware/virus.
    I also think the registry is a complete mess because of this.

    I am loath to reformat as we live abroad and I do not have the technical ability to configure my ADSL if wiped and would like to avoid the potential cost of $100 callout from the telecomms co.

    I realise a reformat will be best long term but in the meantime help is urgently required.
    The PC often runs much slower than it should and with a mem free usage of 34-18-critical.

    Thanks in advance.

    Rorschach

    EDIT - by the way - I use Mozilla Firefox to browse.

    Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Jun 21, 2005
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. rorschach1791

    rorschach1791 Private E-2

    ok - thanks for that

    I've done everything as requested - here is my hj file.

    thanks very much in advance

    rorschach1791
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The first thing I notice is that you're running AVG & eTrust EZ Antivirus. This is not recommended as running 2 antivirus programs will cause conflicts on your computer. You need to pick ONE and uninstall the other.


    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disk C: > Program Files
    Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  5. rorschach1791

    rorschach1791 Private E-2

    Hi

    I have tried to uninstall EZ as I had AVG longer and that's the only one that seems to pop up with any warnings/notifications.
    However, I'm unable to remove EZ. There is no uninstall.exe in the folder, no listing in ctrl panel and no listing in program list from start menu. Not sure how to go about getting rid of it. Unless I just delete the folder?

    Also, I have extracted HJT - I made the folder c:downloads/compressed/hjt - it's just called that cos it started in compressed - it is running from its exe not from the zip.

    I've uploaded my latest HJT
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    rorschach1791,

    Please read my post very carefully to save both of us time. Relocate your HJT as previously requested because you're still running it from an unsecure location.

     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Your Uninstaller and install. This is a trial version, choose "Pro Mode" and find eZ Trust AV and uninstall this way.

    Afterwards reboot and post a fresh HJT log.
     
  8. rorschach1791

    rorschach1791 Private E-2

    ok - thanks for the help.

    I've downloaded both AVG and EZ for now

    Here's the recently relocated HJT file
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/

    O4 - HKLM\..\Run: [PYWQSLZS] c:\windows\system32\pywqslzs.exe /install
    O4 - HKCU\..\Run: [Mqinx] c:\windows\system32\mqinx.exe

    O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\bet365MPP ←–– Delete this whole folder if it exists!

    c:\windows\system32\pywqslzs.exe

    c:\windows\system32\mqinx.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
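
The entries bjgarrick lists for fixing, parsed into a check for whether their files are still on disk after the clean-up; this is an added example, not part of the original thread or of HijackThis. The line patterns are inferred from the four lines quoted in the post, and `Entry`, `parse` and `still_present` are hypothetical names.

```python
import os
import re
from typing import Callable, List, NamedTuple, Optional

# Entry lines exactly as quoted in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [PYWQSLZS] c:\windows\system32\pywqslzs.exe /install
O4 - HKCU\..\Run: [Mqinx] c:\windows\system32\mqinx.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
""".strip().splitlines()

class Entry(NamedTuple):  # hypothetical helper type, not part of HijackThis
    section: str          # HijackThis section code, e.g. "O4"
    name: str             # registry value or button label
    path: Optional[str]   # executable on disk; None when the entry has no file

# Line shapes inferred from the four quoted lines (an assumption, not a full grammar).
PATTERNS = {
    "R0": re.compile(r"^(?P<name>.+?) = .*$"),
    "O4": re.compile(r"^\S+\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)\b", re.I),
    "O9": re.compile(r"^Extra button: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
}

def parse(line: str) -> Entry:
    """Split one log line into section, name and (if any) file path."""
    section, _, rest = line.strip().partition(" - ")
    pattern = PATTERNS.get(section)
    m = pattern.match(rest) if pattern else None
    if m is None:
        raise ValueError(f"unrecognised HijackThis line: {line!r}")
    return Entry(section, m["name"], m.groupdict().get("path"))

def still_present(entries: List[Entry], exists: Callable[[str], bool]) -> List[str]:
    """Paths from the fix list that remain on disk after the clean-up."""
    return [e.path for e in entries if e.path and exists(e.path)]

if __name__ == "__main__":
    entries = [parse(line) for line in FIX_LIST]
    for e in entries:
        print(e.section, e.name, e.path or "(registry setting only)")
    # On the cleaned machine this list should be empty.
    print("still on disk:", still_present(entries, os.path.exists))
```

Run after the reboot to normal Windows, an empty "still on disk" list means the three files named in the post are gone; the R0 start-page entry has no file and is only reported.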
     
  10. rorschach1791

    rorschach1791 Private E-2

    ok -

    did that. Here's my latest log.

    Comp seems to be running a little faster.

    Couple of things
    Still getting generiwin32error connected to svchost.exe.
    Also - why does realsched.exe from Real keep returning even though I select check fix every time?

    Memory booster tells me that mem is only 40% free most of the time, if running 2/3 apps it can easily go down to 30-18-10. Is this normal? I think my registry is probably full of crap but I'm not sure how to clean it.

    thanks again for your help
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    Download RegSupreme Pro 1.1

    Install this program, after you install you will be prompted to "defrag" your registry for best performance. You can go ahead and click YES, should take but a minute or so.

    After this completes at the top, click the REGISTRY CLEANER tab. Then click on "Aggressive" and let it scan. Afterwards you will see the total of invalid entries found. Once it's complete, select ALL entries and select FIX. The program will then fix the ones that are fixable, the ones that are not will be removed. Type in a backup filename and save to an easy location just in case.

    Let me know the results! After you do this reboot and see if you're running any better.
     
  12. rorschach1791

    rorschach1791 Private E-2

    Hi bjgarrick.

    Ok downloaded used the registry software. I'm happy that this will have cleaned my registry up somewhat. The PC still doesn't seem lightning fast, even after defrag also. There is 12.5gb free space on a 40gb hdd but I'm still only getting 50% free memory even with just MS Outlook and Firefox running. So apps don't seem to open as fast as they should. Maybe it's just me.

    The only other strange thing it does, is when I'm knocking about Windows Explorer, like my documents or prog files etc, it will always - like a few times a day, do a sort of pause and then a complete screen refresh, so all desktop icons go blank and then have to reload, and I also then lose some icons from the system tray so it just goes down to the bare minimum. Any idea what this is?

    I downloaded antispyware which after using Spybot, AVG and Ad-Aware for over a year, then came and found another 19 issues - like virtual bouncer, dialers etc. I would recommend this to everyone.

    thanks again for your help

    R
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For more in-depth analysis with your current issue, I would recommend posting that in the Software Forum. Those guys will get you all fixed up.
     
