So slow with hacker/dialer?

You do not show any major malware problems in your logs! Speed issues are frequently related to what you are running on your PC.

You can have HJT fix the the below non-malware processes. They are not needed at startup and this will help a little with your speed problem:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Also if you do not want all the HP settings (in the R1 and R0 lines), you should have HJT fix them and then Reset Web Settings from Internet Explorer.

You can also delete the below file found by Panda:
c:\windows\system32\unPPC.exe

 

You're welcome!

Well if your copy of SpyCatcher is a paid subscription version, you can uninstall Windows Defender. This will help speed things up and you do not want two full realtime spyware blockers like this running anyway (similar to antivirus applications).

By the way you do need to update to the current Sun Java version and uninstall all old versions. This is included in the below steps which you should follow anyway.


How to Protect yourself from malware!

 

Okay! Make sure it is uninstalled. If it already is then have HJT fix those two lines related to SpyCatcher and delete the folder if it still exists. You should also therefore keep Windows Defender since you need a realtime spyware blocking tool.

Sounds like something is terminating your Windows shell (this is explorer.exe). Does it stay like this or does the Desktop come back in a short time? If it stays like that, press CTRL-SHIFT-ESC to bring up Task Manager. The click File, New Task (Run...) and enter explorer.exe and click OK. Does the Desktop come back?



Let's do a couple quick scans to look for any other hidden problems!

Now run the below procedure and attach the runkeys.txt log.

• Using GetRunKey

Now run the below procedure and attach the newfiles.txt log.

• Using ShowNew

 

Nothing really bad showing in those logs but there are a few registry keys we can cleanup. I'll give you a patch further down to apply. But first I have a questions about what you use the below Netscape stuff for.
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe

Now Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run Windows Explorer and delete all files and subfolders in the below two folders of your PC. Note: Windows may have a couple files in use in each of these folders and block their deletion. This is normal. Just work around those files and delete the others. Typically the ones in use are from the current date.


C:\WINDOWS\Temp
C:\Documents and Settings\HP_Administrator\Local Settings\TEMP


Now reboot and let me know if there is any change at all in performance. Any remaining issues are likely due to all the stuff that is running from AOL and all the junk HP installed on their PC for you to have headaches from.

 

AIM is an instant messenger! What do you mean AOL email address? Are you paying two ISPs?

Having AOL installed and running is a huge waste of system resources. I would dump it completely if you can.

 

I did not know that since I never use AOL and rarely have used AIM.


I thought I had dumped AOL, except for the AIM that is. I will look again. I do know it came loaded on the computer, so did about 6 others.[/quote] It is still installed. See the below running which is direct from your HJT log. These are not needed AIM (unless for some reason you need all of this just to read their email but that would be totally crazy).

Uninstall all of AOL using Add/Remove programs. Just don't uninstall AIM.

 

Not according to your HJT log. I still see some AOL stuff. Let's do a few things to clean it up and also take care of the Realsched.exe again. Also let's clean up the junk from HP in you start and search pages.



Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to AOL Connectivity Service (if that is not found, look for the short name: aswUpdSv)... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Now repeat the above stop and disable for the following services:
AOL TopSpeed Monitor

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

AOL ACS

Now repeat the Delete NT Service steps for:
AOL TopSpeedMonitor

If you receive any error messages just ignore them and continue.

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aol.com/today/aimtoday.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133970931\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\SpyCatcher <--- the whole folder
C:\Program Files\Common Files\AOL <--- the whole folder

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

 

Much better but the below is still there:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Did you forget to fix this? Did it come back? If it came back, exit WinPatrol, Windows Defender and ZoneAlarm before fixing (also close ALL browsers windows before fixing).

How is everything running now?

 

It is in your HJT log:

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

Are you saying you do not have it installed? If not, then have HJT fix the above line.

 

They all do different things. Especially Bitdefender. It is an antivirus program (which you do not have installed! You have AVG). You are not compairing apples to apples.

Why thank you for the compliment? We all appreciate it.

Yes! Let's see where things stand now.

 

WinPatrol and SpyCatcher both are in the antispyware family they just work and do slightly different things. Bitdefender is an mainly an antivirus program.


You still have not updated your Sun Java version to the current version as mentioned in the How to protect thread. After getting the current version (5.0 update 7) uninstall all old versions.

 

Your HJT log shows:


C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

That is one version out of date. The current would show jre1.5.0_07

Look in Add/Remove programs too! Make sure you uninstall ALL older versions after updating. They do not uninstall while updating.

 

Get it from Majorgeeks!

Sun Java Runtime Environment

 

All versions other than the current version should be uninstalled.

 

You're welcome. Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

You're most welcome! Surf safely!