Posts by DMR

I think you accidentally grabbed the word "quote" in your cut-n-paste. :mrgreen:
The file should only contain the following two lines:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP]

I tested the file before I posted instructions for creating it, so I know that it does work if done correctly.

.

I'm honestly not sure why ewido won't/can't delete the HKLM\SYSTEM\ControlSet006\Services\HTTP entries, but we can do it manually:

* Open a new, blank text file in Windows Notepad
* Copy-n-paste the text in the Quote box below into that document
* Save the file to your desktop as SpyHealFix.reg
* Double-click on the file to run it
* Click "Yes" when prompted to add the information to the Registry
* Reboot

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP]

* Once you've rebooted, run ewido again and see if it still detects anything. If so, post the log; if not, we'll move on to fixing your Internet connection.

How about you just stop.

joeprogrammer's comment was actually a constructive comment, nothing more (or less).

It's most useful to give direct linkage to a solution when possible (assuming you have that link, of course), rather than asking the member you're helping to search an entire site.

.

1. Reboot into Safe Mode again and delete the "csrss.lnk" file. You'll find it in the C:\documents and settings\Your_username\start menu\programs\startup folder.
Empty your Recycle Bin after that and reboot normally.

2. I'd like to see the last ewido report also. Can you please that?

Yes.

1. Have you run the SmitFraudFix program yet? If not, please do that, following the instructions in the link I gave in my 2nd post. After performing the procedure, post the contents of the C:\Rapport.txt log file that SmitFraudFix generated.

2. Download ATF-Cleaner and save it to the desktop or another convenient folder. Don't run the program yet.

3. * Reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Log in to the Administrator account.

* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Your use of file-sharing programs has brought you more than just the CyDoor adware; you have other "unwanted guests" as well.

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open your Add/Remove Programs control panel and uninstall any and all programs listed there which relate to the following:

Altnet
TopSearch
Points Manager
RXToolbar
InstaFinder/InstaFink
BestOffers
Need2Find

* Download ATF-Cleaner and save it to yor desktop or another convenient location. Don't run the program yet.

* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

* Reboot your …

Hi heybaby, welcome to Daniweb :)

Your HijackThis log does show us where the remnants of the MyWebSearch/MySearchBar hijacker are located, but there is one issue that needs to be taken care of before we procede with the fixes:

C:\DOCUME~1\Kalvin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

The log entry above indicates that you are running the HijackThis.exe program from within the downloaded HijackThis.zip download package. You are also running HJT from within a Temp/Temporary downloads folder.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Please do the following:

* Create a folder for HJT outside of any Temp/Temporary folders. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, hilight it, and click "OK".
* Click "Next", and then click "Finished"; a window dispaying the newly-extracted hijackthis.exe file should open.
* Double-click on the hijackthis.exe file to verify that the program works. If it does, just close …

You sure she can't rig her post count?

Actually, yes- of course she can; she just hasn't yet.

She probably will start padding her post count in the near future though, because she'll realize that my plan for world domination is working, and that I will soon surpass even she in total posts....

MMMUUUUUUAAAAAHAHAHAHA!!!!!! [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/possessed.gif[/IMG]

If the drive supports the 3Gb/s rate, get a 3Gb/s controller; if the drive only supports the 1.5Gb/s rate, the choice is up to you. A 3Gb/s controller is backward-compatible with 1.5Gb/s devices, but it achieves that compatibility by running at the slower 1.5Gb rate; you won't get any performance benefit over a 1.5Gb controller when using a 1.5Gb/s drive.

Heh *holding back my secrets*

I guess I don't really have a secret; I just posted an average of 6 times a day, for 3 years straight, until I got to... wait- is it? Yes, I think it is........ post #6,500!

Now I just have to catch up with Dani.... :mrgreen:

This is the ewido log:...

That's it; that's the full contents of the ewido log?

im not sure what your meaning

No problem; I was asking for details like:

* The model # of the modem.
* Whether or not you have a router installed between the modem and the computer, and if so, the make/model of that router.
* Whether you are connecting the computer via a network cable, or via wireless.

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download the free HijackThis utility. Once downloaded, create a folder for HJT outside of any Temp/Temporary folders and move the downloaded HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Do not run the program yet.

2. If you do not have the latest version of ewido (version 4), please download that version now from http://www.ewido.net/en/download/.
If you do have the latest version, download and install the most current updates for the program. In either event, do not run the program yet.

If you are installing the new version of ewido:

• Close all other Applications and then run the ewido installer
• Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• It is very important to get the updates
• When updating has finished, close Ewido.

3. Download ATF-Cleaner and save it to your desktop or another convenient folder.

4. * Reboot your computer in Safe Mode by doing the …

I'm going to move this thread to our virus & spyware forum, as this is revealing itself to be that sort of problem.

For the network connection error, please give us the details of your network/Internet hardware connection scheme. Knowing what devices you are using and how they are connected will help us determine where to look for the cause of the DHCP failure.

"BROWSER HOME PAGE CHANGE DETECTED, we have detected that your browser home has been chnged.If you didnt make this change,you may have spyware or adware on your system.

That's a generic alert which is only telling you that something has changed your homepage. However, that "something" doesn't have to be malicious, and in this case I'm pretty sure that it's the NTL installer's action which is triggering the alert. As indicated in your HJT log, the NTL installer looks like it does set your homepage to NTL's site:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/

As for the SpyHeal infection, can you tell us exactly what file, Registry entry, etc. ewido is reporting to be infected. Having that info will give us a better idea of how to best remove the malicious component(s).

.

Just for your information, all the rep dani got was from herself. Don't tell anyone.

Yup, it's true... the election is rigged in Dani's case. :eek:
Her post count is real, but she can give herself whatever title, as many stars, and as much Rep as she wants. Check out the Geeks' Lounge- in her annoncement at the top of that forum, her title reads: "The Queen of DaniWeb". Cute, eh? :mrgreen:
(we mods can also alter our titles, but that's about it)

Hi Joyce, welcome to Daniweb :)

You should start a new thread of your own and post your problem in that thread, for a couple of reasons:

* This thread has been marked as "solved" because the person who started the thread has indicated that their problem is now fixed. Our troubleshooters are less likely to re-examine solved threads, so your question may go unseen.

* Our posting format follows a "one-members-question-per-thread" format, because it's very difficult to help two or more different members within a single thread; keeping track of which suggestions are in reply to which problems/questions quickly becomes confusing for all.

* Although one member's symptoms may appear similar to another member's symptoms, the root causes (and therefore, the solutions) of two seemingly similar problems are actually not the same in the majority of cases. That being the case, trying fixes suggested for someone else's problem may actually cause you further problems.

If you're unsure of how to start your own thread, we have a good tutorial with a pictorial walk-through of the process posted here:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_howto

When you post your thread, please give us as much specific info as possible regarding the problem (the circumstances surrounding the occurence of the problem, the exact error messages you receive, troubleshooting steps you've already tried, etc.). The more information we have up front, the faster we'll be able to help you get the problem solved.

You dont have to re activate everytime if you reinstall the OS on the same computer...

Thanks for posting that info, goldeagle2005. You're right- that method does do the trick.

Glad we help, joe_blow; feel free to ask if you have further questions/problems with the upgrades.

avoid KaZaA. Full of spyware.

Yes, as are file-sharing programs and file-sharing sites as a whole. Given that, and the fact that most of the downloadable content is being illegally shared, it's best to avoid that sort of activity all together.

OK- repost if you have any questions.

not so sure however about the software to remove Spyheal is it the SmitFraudFix your talking about?

Yes, the SmitFraudFix program is the removal tool; please run that according to the directions on the page I linked to. There is no sign of the SpyHeal infection in your HJT log, although that isn't surprising given that some of the new versions of this family of infections hide themselves from HijackThis' detection.

Is this normal for this type of virus to break the intrenet connection??? When i try to install to NTL cd its claiming a network adapter error??

This particular infection does not (normally) break Internet connections; given the "network adapter" error that the NTL installer is giving you, I suspect that the connection problem is a separate issue, likely with a non-malicious cause.

* Please post the full and exact contents of the adapter error that you receive from the NTL installer.

cd_clint.dll is actully a component of the CyDoor adware parasite... er, I mean... program that is bundled with Kazaa and some other "free" applications. Running one of the following free antispyware utilities should remove the CyDoor remainders for you:

ewido antispyware (trial version)
Ad Aware SE Personal
SpyBot Search & Destroy

A SATA PCI Controller card is what you need. There are a number of brands/models available; the price range is about $20-$55 USD.

1) Installing RAM and a CD drive to an existing system isn't a substantial enough change to trigger a reactivation.

2) A reformat will obviously require reactivation; the process is very straightforward.

More info on the subject can be found here:
http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpactiv.mspx

.

How much success you'll have depends on the type and severity of the problem. Here are some links (in no particular order) which discuss data recovery options and utilities for different kinds of drive failures:

http://www.daniweb.com/techtalkforums/showthread.php?t=3046&highlight=data+recover+drive
http://www.daniweb.com/techtalkforums/thread9069.html
http://www.hddrecovery.com.au/downloads/200ways.pdf
http://www.pcmech.com/show/harddrive/664/1

You don't think what is the problem? Infections?

* Spyheal is a new infection, thought to be the latest variant of the Smitfraud/SpyAxe/SpyFalcon/SpywareQuake family of fake "spyware removal" products. Removing the parasite requires a specific procedure and a specific removal utility, both of which are posted here.

If your Internet access is still broken, you'll need to download the removal utility on to a working computer, burn it (and a copy of the removal instructions) to a CD, and copy it to the infected computer that way.

* After performing the removal procedure, please do the following:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" might still be lingering in your system; once we analyse the log we can tell you what to do from there.

OK, so the "Dead Machines" forum might not be the right place for this, but it's as close a fit as I could find...

Are you referring to the computer's BIOS password, or the Windows logon password? If it's the BIOS password, please tell us the exact model of the laptop; if it's the Windows password, tell us what version of Windows you're using.

That's a pretty infested system; let's have a few virus/spyware removal programs do some general clean-up before we dig in to the manual fixes:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Visit at least two of the following sites for an online virus scan (if the scanners find any malicious items, note their names and include that information in your next post):

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner: TrojanScan
* Visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner: TrojanScan

* Your version of ewido …

Hi deano, welcome to Daniweb :)

• Please download VundoFix.exe and save it to your desktop.
• Double-click VundoFix.exe to run it.
• Check the "Run Vundo as task" box.
• You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
• When VundoFix re-opens, click the Scan for Vundo button
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.
• VundoFix will have created a log file named C:\vundofix.txt; please post the contents of that file, as well as a new HijackThis log, in your next post.

Hi derekandes, welcome to Daniweb :)

Let's start with the following:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

OK- thanks for the update; I was just trying to catch up on the unanswered threads in this forum.

I don't see any obvious signs of infections in your log, although you are running a fair number of programs/processes, including some heavy apps like MySQL and Apache; you could have non-malicious conflicts/corruptions related to those.

1. Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurence of the problem(s) and/or specifically mention rundll32.exe. Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

2. Have you run virus/spyware scans yet? If not:

* Download the most current updates for AVG.

* Upgrade your version of ewido to the newer version.
* Install and Configure ewido:

• Close all other Applications and then …

* If you can post the results of the Trend scan, that would be helpful. Also, please do the following if possible; you may have to download on another machine and copy things to the infected machine via CD or floppy):

* Download the (free) HijackThis utility. Once downloaded, follow these instructions to install and run the program:

- Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
- Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
- Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log".
- Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

.

1. Open your Add/Remove Programs control panel and uninstall the Logitech Desktop Manager software. The software handles automatic updates of your Logitech software, and is at least somewhat of a security risk because it transmits certain information about your computer to Logitech. Removing the software doesn't alter the functionality of your Logitech device(s), and you can always check for updates manually.

* Your log shows signs of a SpywareQuake infection, and the most current SpywareQuake removal procedure is posted here.

Please follow the removal instructions carefully, and then post the contents of the C:\Program Files\RoguesScanFix\task.txt file which will be generated during the removal. Also post a new HijackThis log.

So... ewido deleted the infections, but you are still unable to connect to the Internet, yes? Let us know if that's the case or not; it will determine what we can do next.

* From the l2mfix folder, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Save the log file; you will be including it in your next post.
(If you get prompted for a password while running L2MFix, type: bye )

* Download the (free) HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

I've found that the info gathered from a firewall program like Sygate Personal Firewall (freeware) is very useful in terms of determining what exact applications/programs/processes are communicating over the network, what destination IPs they're communicating with, and which ports/protocols they're using.

If you temporarilly install Sygate just for investigation/troubleshooting purposes, I'm sure it will tell you a lot about what's going on with your network traffic. I wouldn't recommend leaving it installed on a gaming machine though, as firewall programs can introduce network latencies/lags which can interfere with smooth gaming performance.

There is, of course, the possibility that a malicious infection is responsible for the traffic. If you haven't ruled out that possibility yet, you should do so now. You can find useful resources on that in many of the threads in our malware forum .

And I see that you've already posted you new thread; thanks again.

* There is a trojan which hooks in to Firefox (read here and here), although Panda has also been known to report "false positives" on some legit files. Can you give us the full filenames (including their .exe, .rdf, etc. extensions) of the Firefox components in question?

* Reinstalling and reconfiguring the entire system from scratch will take you a few hours or more, and you'll need to have all of your original operating system and program installation disks available in order to do it. Let's look a little deeper for possible clues to the problems before goin the reinstall route:

Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurence of the problem(s). Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but …

Judging from the info I've been able to find, the PT-3812 does not support QoS or any other kind of traffic shaping features. :(

Do the bursts of network activity occur only when Quake is running, or do they happen during other online activities as well?

Hi kwt114,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

Try rebooting the computer into Safe Mode and choosing the "Last known good configuration" boot option. You get to the Safe Mode boot option menu by tapping the "F8 key" continuously right after the computer restarts.

It's uploading and downloading... It returns in the same pattern every time...

I agree that it sounds suspicious, but please give us some details on the above statement if you can.

* What returns the pattern; how are you monitoring your network activity?

* Exactly what "pattern" are you referring to?

* Can you give us any details on the history of this activity?

A few tests:

* Turn off all of the devices on your network for a minute or two. Turn them back on in this order, letting each device fully boot/initialize before turning on the next device:
1) The modem
2) The router
3) The Toshiba
Leave the other computers off.

* If the computer has an Ethernet port, try connecting it to the network via a CAT5 cable.

* Try uninstalling and reinstalling the wireless adapter and its driver software.

Let us know the exact results of the above steps.

-

A fairly common question/problem; the solution is known as "bandwidth limiting", "bandwidth shaping", or "bandwidth throttling".

The options are basically these:

1. Use a router which supports QoS (Quality of Service). Through QoS, the router can manage/limit/prioritize bandwidth usage on a per-computer, per-application, or per-port basis. The Linksys WRT54G is one popular router which has QoS, but there are others.
This is probably the best (and least complex) solution for you.

2. Bandwidth-shaping applications such as NetLimiter can be installed. However, the software would have to be installed on the computers whose bandwidth you want to control, so there is always the possibility that the user will get around that software.

3. A cheap Linux machine can be used instead of (or in addition to) a hardware router. The Linux OS has built-in network routing/filtering capabilities which make it a pretty powerful solution for traffic management, but the downside is that you really need to know what you're doing. If you aren't Linux-savy, this solution isn't for you.

Apolgies for the delayed response.

Your log shows signs of a SpywareQuake infection, and the most current SpywareQuake removal procedure is posted here.

Please follow the removal instructions carefully, and then post the contents of the C:\Program Files\RoguesScanFix\task.txt file which will be generated during the removal. Also post a new HijackThis log.

-

OK- that's last log is readable, and it looks complete. For better or for worse, the log is also free of any signs of infections, meaning that the causes of your problems may not be malware-related at all.

Your log indicates that you have SpyBot, Spy Sweeper, Windows Defender, and McAfee installed. Do full system scans with those programs turn up any viruses, spyware, etc.? If so, give us the details.