8 steps done, logs attached

Status
Not open for further replies.

severedgein

Google redirect. Numerous spyware/malware programs run, Mozilla/IE7 uninstalled and re-installed, nothing fixes it, getting ready to zap the hard drive and start from scratch. Any help appreciated.
 

Attachments

  • mbam-log-2010-02-14 (17-04-50).txt
    942 bytes · Views: 2
  • SUPERAntiSpyware Scan Log - 02-14-2010 - 20-34-22.log
    2 KB · Views: 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:28 PM, on 2/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.premierleague.com/page/VirtualReplay2"
O4 - HKUS\S-1-5-18\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'Default user')
 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
 
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: wuyowoli.dll c:\windows\system32\ c:\windows\system32\modigege.dll c:\windows\system32\kurerupa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zuwaleyom - {27712f57-078f-43c2-84e2-6d683326a2f2} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {27712f57-078f-43c2-84e2-6d683326a2f2} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
for some reason, the line that goes at the top of the last post will not go through as written. references windows update site for cab 1167666937388

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
 
sidenote: also have SpyBot S&D, seems to lock up a lot when it gets to the Virtumonde's. Virtumonde.atr removed multiple times, reappears though along with a windows.firewallbypass. turned off system restore and it still reloads.
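
A triage sketch for the HijackThis log posted above, added here as an example; it is not part of the original thread and not HijackThis's own logic. It parses the section codes and flags entries worth a manual look: registrations whose file is missing, a populated AppInit_DLLs value, Run keys that start an executable from the root of Program Files, services with no vendor, and a CLSID reused across load points. The rule set is an assumption for illustration, the sample lines are copied from the log above, and a flag means "review", not "malicious".

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'SYSTEM')
O20 - AppInit_DLLs: wuyowoli.dll c:\windows\system32\ c:\windows\system32\modigege.dll c:\windows\system32\kurerupa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zuwaleyom - {27712f57-078f-43c2-84e2-6d683326a2f2} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {27712f57-078f-43c2-84e2-6d683326a2f2} - (no file)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# An .exe sitting directly in "Program Files" rather than in a vendor folder.
ROOT_EXE_RE = re.compile(r'[A-Za-z]:\\Program Files\\[^\\"]+\.exe', re.I)


def parse_entries(text):
    """Return (code, body) for every registry/autostart line; skip headers and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Return (code, reason, detail) tuples for entries that deserve manual review."""
    findings = []
    clsid_sections = defaultdict(set)
    for code, body in parse_entries(text):
        for clsid in CLSID_RE.findall(body):
            clsid_sections[clsid.lower()].add(code)
        if body.endswith("(no file)"):
            findings.append((code, "orphaned: registered file is missing", body))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            dlls = [t for t in body.split(":", 1)[1].split() if t.lower().endswith(".dll")]
            if dlls:
                findings.append((code, "AppInit_DLLs set: %d DLL(s) listed" % len(dlls), body))
        if code == "O4" and ROOT_EXE_RE.search(body):
            findings.append((code, "autorun executable in Program Files root", body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary reports no vendor", body))
    # One CLSID registered under several load points is worth correlating.
    for clsid, codes in sorted(clsid_sections.items()):
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)), "same CLSID at several load points", clsid))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("%-8s %-42s %s" % (code, reason, detail))
```
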
 
If you still require help, please update and run the scans again. Attach the 3 logs for review.

This thread will be closed if there is no reply.
 
Logs as requested
 

Attachments

  • hijackthis.log
    18.3 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 02-21-2010 - 21-32-31.log
    885 bytes · Views: 1
  • mbam-log-2010-02-21 (20-44-19).txt
    882 bytes · Views: 1
Okay, let's try to get rid of the malware:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If you get a prompt to download and install the Microsoft Windows Recovery Console, please allow.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If you get a prompt to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  • 1. Do not mouse-click Combofix's window while it is running - it may cause it to stall.
    2. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
When that finishes, Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Then rescan with HijackThis.
Please include the Combofix report, Eset log and new HijackThis log in your next reply.

Hopefully, after this, remaining bad entries can be handled with one additional program. When done, I'll help you clean up entries in the HJT log, including stopping the Shockwave auto updater.
 
Flash player is known for leaving behind old insecure files. It is better to clean out the entire entry, uninstall, then reinstall:
  • Download the Flash Player Uninstaller and save it to your desktop.
    Choose the Flash Player Uninstaller for your browser: http://www.adobe.com/shockwave/download/alternates/ Don't run yet.
  • Please reopen HijackThis to 'do system scan only'. Check the following processes if found:

    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.premierleague.com/page/VirtualReplay2"

    While you have HijackThis open, please also remove one of the following entries:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

  • Close all Windows except HijackThis and click "Fix Checked."
  • Boot into Safe Mode
    [o] Restart your computer and start pressing the F8 key on your keyboard.
    [o] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  • Double-click the Flash Player Uninstaller setup on the desktop and run the uninstaller program.
  • Reboot your computer to complete the uninstall.
  • Download latest version of Flash Player HERE and save to the desktop.
  • Double click the setup and run to install. Reboot when through.
  • Once the new version is installed, follow the directions to disable the auto-updater.
    [1] Navigate to the Shockwave Welcome page: http://www.adobe.com/shockwave/welcome/
    Note: The context menu can be accessed from any Shockwave movie if the context menu has been enabled by the author, but this URL was provided to simplify the process.
    [2] Windows: Right click the Shockwave movie.
    [3] From the drop down menu choose "Properties".
    [4] Uncheck the box next to "Automatic Update Service" to disable the auto update feature.

Reboot and run a new HJT scan.

Please give me your current status regarding this- after doing the above:
Google redirect. Numerous spyware/malware programs run, Mozilla/IE7 uninstalled and re-installed, nothing fixes it, getting ready to zap the hard drive and start from scratch.
 
Done, HJT log attached. Malware seems to be gone. Please let me know anything and everything that's unnecessary on the startup because with Avira the computer is horribly slow now on startup. THANK YOU!!!
 

Attachments

  • hijackthis2.txt
    7.9 KB · Views: 1
This should speed you up. You are first going to have HijackThis remove entries. Then you are going to take the entries off of Startup. Then you are going to change the Startup Type for some Services. If you print this out, it will be a lot easier for you:

Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100


Close all Windows except HijackThis and click on "Fix Checked"

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Handle each group of entries as instructed:
JAVA:
[1] UNCHECK all Java entries on the Startup menu: Start> Run> msconfig> enter> Selective Startup> Startup tab.
[2] Open IE> Tools> Manage add-ons> right click on 'Java (tm) Plug-In 2 SSV Helper' (jp2ssv.dll)> Click on and Disable Java Plugin2 and Java Quick Start.
[3] Start> Run> services.msc> right click on JavaQuickStarterService> Properties> Change Startup Type to Disabled> Stop the Service
[4] Stop auto update: Control Panel> Java> Update tab> UNCHECK 'check automatically for updates'> Apply> Click YES when asked to confirm> OK
[5] Make sure only the current version of Java v6u18 is in Add/Remove Programs in the Control Panel. Uninstall any other versions.

ADOBE READER:
1. Use msconfig to UNCHECK all Adobe Reader entries> Apply> OK
2. Open the Adobe Reader and Disable all Toolbars-unless you use the PDF feature frequently.
3. Change the Adobe LM Service to Manual Startup.
4. Only the most current version (now v9) should be listed in Add/Remove Programs.

QUICK TIME
1. Use msconfig to UNCHECK any QuickTime entries on Startup> Apply> OK
2. Disable tray icon: Right-click on the icon and select QuickTime Preferences > Browser Plugin. Clear the check box next to "QuickTime system tray icon," and then close the settings box. The icon won't appear anymore.
3. Rename the qttask.exe file:
4. Right click on Start> Explore> Programs> QuickTime directory> right click on qttask.exe> rename to qttask.exeold.

iTunesHelper.exe ITUNES Big resource user!
Background task installed by Apple's iTunes music player and also by version 7 of QuickTime which now comes inseparably bundled with iTunes. It is thought that this task used to be a 3rd party add-on program in the early days of Apple's iPod when its iTunes software was incompatible with many CD-Writers. This task does not need to be installed as a startup since iTunes starts it up anyway when it needs it.
1. UNCHECK on Startup menu using msconfig. It uses nearly 6MB of memory.

BONJOUR/MDNSRESPONDER:
Usually installed by Apple for iTunes. But also 'pre-checked' to load with the new Adobe CS3 applications, "mDNSResponder.exe" is installed somewhere in the install process. Used in iTunes file sharing.
1. Use msconfig to uncheck on Startup
2. Set the Bonjour Service to Manual using services.msc> double click on Bonjour

Make sure all of the Services below are handled as instructed:
Ati HotKey Poller> Manual
Bonjour Service> Manual
gusvc (Google Software Updater)> Disable> Stop the Service
iPod Service> Manual
jqs (Java Quick Starter)> Disable> Stop the Service
NBService> Manual
Pml Driver HPZ12> this is used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode. Disable> Stop the Service
PrismXL> Manual


Click on Start> Run> type in msconfig> enter> Selective Startup> Startup tab: in addition to the groups above> Uncheck each of the following:
GoogleToolbarNotifier
PrismXL
NeroBackItUp

Then click on Apply> OK

Reboot into Normal Mode: NOTE: you will get a nag message the first time you boot after changing the Startup menu. You can ignore the message and close it after checking 'don't show this message again.' Stay in Selective Startup.

If you printed this out, you can go right down the list. Don't be overwhelmed. Just follow the steps. When you have finished this, I'll have you remove the cleaning tools and old restore points- that will free up more resources.
 
Please clarify this part, do you mean under the O23 services?

"C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe"
 
Yes, sorry. I just pulled the Service names out:

Start> Run> services.msc> double click on the Service to open> Make the change. Some may already be set to the Startup Type I'm giving you. Look at my Service name> that's what you'll see displayed.

Make sure all of the Services below are handled as instructed:
Ati HotKey Poller> Manual
Bonjour Service> Manual
gusvc (Google Software Updater)> Disable> Stop the Service
iPod Service> Manual
jqs (Java Quick Starter)> Disable> Stop the Service
NBService> Manual
Pml Driver HPZ12> this is used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode. Disable> Stop the Service
PrismXL> Manual
 
All right, everything done. System already more responsive. Thank you Bobbye!

Now for cleaning tools and the resources?

for reference I have installed:

Malwarebytes
CCleaner
Ad-Aware
SpyBot S&D
Avira AntiVir
SUPERAntiSpyware
ESET Online Scanner
HijackThis

seems a bit like overkill at this point... what do you suggest keeping permanently?
 
You're welcome! You got the 'Bobbye Special'. Once in a while I take time out to help pare a system down. Usually works pretty well.

Of the programs you asked about:
Malwarebytes: Remove
CCleaner: Remove
Ad-Aware: Remove
SpyBot S&D: Keep
Avira AntiVir: Keep
SUPERAntiSpyware: Remove
ESET Online Scanner: Keep
HijackThis: Remove

On most of the programs I've marked 'Remove', you can download and run scan whenever you think you need to. You don't need them using hard drive space and RAM.

Add a good, bi-directional firewall (one software firewall). I recommend either of these software firewalls - both are free and good:
Comodo or Zone Alarm

Consider these programs for Extra Security
  • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar: Get the free Google toolbar to help stop pop-up windows.

If I can be of further assistance, please let me know.
 