Posts by jholland1964

Ok, give me some time to go through all this and I will get back with you. In the meantime, empty the Malwarebytes Anti-malware quarantine and then update that program and run it again. Also run HJT again too. Post back with those logs, even if I have not come back with the combofix info.
Judy

Follow the steps given here Read me before posting a request for assistance and be sure if the instructions tell you to Remove Selected, that you do so.
Once you have completed all the steps given then post back here with the requested logs and we will know if other steps are required.

Yep, still there.
Let's try this;
Download ComboFix to the desktop.
You may get a prompt asking if you want to Run or Save. Choose Save and be absolutely certain you save it to the desktop.
At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When you click that Combofix Icon you may get a warning prompt because ComboFix doesn't have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix will prepare to run and then you may see a Disclaimer Screen. You should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.

the thread didn't say so but later it says for another program not to fix or remove anything - it can do that at a later time if needed?

Should i run it again and get it to fix problems?

I beg your pardon the instructions for Malwarebytes Anti-Malware DO say the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
You need to run this program again IMMEDIATELY and follow those instructions to the letter. You will NOT get the system clean by just cleaning a portion of items found you have to Select Everything bad that is found and Remove.
Then REBOOT the computer.

Run the ESET ONLINE scanner again, following the instructions exactly and have …

Can you tell me why you did not allow the Malwarebytes program to fix everything found?

angrundon you should really begin your own new thread. While infection may seem the same there is always the possiblitly that it is not.
Do the following and then post results in a new thread;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the …

Did do this?

Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste C:\WINNT\system32\karina.dat
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes..

Why didn't you tell mbam to fix the following?

Files Infected: 1
Files Infected:
C:\WINNT\system32\drivers\27d8974d.sys (Rootkit.Agent) -> No action taken.

I have sent a PM to one of the other folks here who may be able to take a look and offer some help. Don't know that he will get back with you tonight but hopefully as soon as possible.
Judy

Honestly I don't know for sure what to tell you. Hopefully one of the others will notice this thread and give you a better answer than that. But I have not ever had that question before. Problem is a repair install doesn't really fix everything, there are some files and registry items it doesn't touch

I will quote to you the exact answer given on the experts exchange thread you noted

This could be anything. With the description you gave you could be talking about so many different malware variants. There is no one answer and you're looking for something we can't give without good information to go on.

We DO need logs. There is absolutely NO way we can know the cause of the problem unless we see some logs and you tell us EXACTLY what is going on.

Read me before posting a request for assistance

I want you to try this with HJT.
Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste C:\WINNT\system32\karina.dat
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes..

Allow the PC to reboot, if it doesn't do it automatically, reboot manually.
Once you have done that, empty ALL those Quarantine files....AVG and MBAM both.
Reboot again.
Then run both programs again...MBAM first and then your AVG. Save the logs for posting here, even if you believe they are empty. I want to see them.
Once you have run both of those then run a new HJT scan and save the log.
Post back with the new logs requested.
Judy

First of all, you are running two antivirus programs, AVG8 and Norton. This is an absolute no-no. You need to totally UNINSTALL one of them using Add/Remove, following any prompts given by the uninstall. Then you need to do a manual file search on the computer using Start, Search, Files and Folders and looking in hidden files also, for any remaining files from the removed application. This is one reason fixes may not have been completed or one reason this infection is not found.

Once you have removed the program then also turn off SuperAntispyware and the PrevxCSI programs you don't want them running in the background right now as they could possibly interfere with the scans also.
You are showing an infection by Troj/FakeAle-DQ which is a trojan which will then drop other malware on the computer, so there could be more.

Uninstall the extra antivirus program and Update the remaining one. Update Malwarebytes, update the Superantispyware and then of course TURN it off.
Run a scan with the ESET Online Scanner
* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a …

A quick look through the log doesn't show anything necessarily bad, though you have a lot of unecessary auto starts and therefore a lot of extra processes running all the time in the background. This can be a drain on system resources for sure. You also have what is called a questionable anti-spy program called Spywarebegone. This is not one of those usually recommended. I would uninstall that one.
You also are showing two, or at least portions of two anti-virus programs running, Avast and Symantec/Norton. This is definitely a no-no and can certainly cause lots of problems. Choose one and totally uninstall the other using Add/Remove, following any prompts you may be given like rebooting, and then also do a manual file search for any remainders.
You also are running Spybot TeaTimer, turn that portion of Spybot off. While Spybot is an excellent program the TeaTimer portion is really more trouble than it is worth. It runs all the time in the background and also can interfere with removal of some infections or malware. Keep the Spybot but turn off the TeaTimer. You can turn it off by going into the program itself and doing the following;
Go to Advanced Mode, Click Resident and take the checkmark out of Resident TeaTimer. Reboot the system.
I think you should begin by following the cleanup steps given on this sticky above Read me before posting a request for assistance
Then post back here with …

Please follow the steps as given and run all the programs noted in this sticky
Read me before posting a request for assistance. Then post back here with all the requested logs and maybe we will better be able to offer more steps if needed. The steps given in the sticky may very well clean everything up. Run only those programs noted in that sticky. Ok?

Just going through your HJT log again, which is the old version by the way, you should remove that one and go with the newest version which is HiJackThis version 2.0.2
Your Java is also out of date, you are running update 6 version 4, current version is 6 update 7.
You said you were using MSN Messenger when you shut down but now it won't run. Your HJT log shows 5 instances of it running in the background, it is also in auto starts.
Try going to the Taskmanager and shutting down all those that are running in the background and see then if you can open it up.

Obviously something going on with this computer...take a look at the dates on the scan logs;
First HJT posted; There is NO date.
Second the Deckards log;
Deckard's System Scanner v20071014.68
Run by Aldrin on 2002-01-03 09:11:57
Computer is in Normal Mode.
Third HJT log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:40 AM, on 1/3/2002
Fourth also from the Deckard's Log;
-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 12:18:27 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{5E8950D6-9454-4717-A8EF-1F4826CAE96E}.job

Fifth from that Same Deckard's Log;
-- Files created between 2001-12-03 and 2002-01-03
Finally;
-- Find3M Report ---------------------------------------------------------------
There are seven files with 2008 Creation dates
One file with 2006
and the rest with 2002
Ending with this;
-- End of Deckard's System Scanner: finished at 2002-01-03 09:19:42 ------------

Can I just ask, when you say you "got a message" Where did this message come from?

Keep us posted please.

First of all, we need the entire HJT log, including the very top part of it. This gives us the info on when the scan was run, operating system, etc. So don't cut that off next time.
Can you try and do as many of the steps HERE as possible and post the logs for us.

Whoops, just saw your ESET Scanner log above. Forgot what I had read I guess.

Did you do this;

ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/subm....php?channel=4

If not please do.
Your HJT log didn't show up, but what did show was an older version, not the version 2.02 that you first used to post. Was this a new version of combofix or one you previously had on the machine.
If this was an old version please remove it and download a new one.
To uninstall ComboFix.exe And all Backups of files that it deleted

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
If shown the disclaimer, Select "2"

I believe that MSN Messenger is now Windows Live Messenger.
You obviously have infections on the computer which could have caused the problem but it also could be because you are not running the latest version, OR a combination of the two.
But when you said it doesn't work there are NINE instances of it showing as running in the background during your initial HJT scan. So it is obviously there.
Try uninstalling it. When the computer is clean, and NOT before, then download a new copy from HERE
One of the logs shows the ESET online scanner but I see no log for that. Could you run it again and post the …

When you say MSN won't run...do you mean the MSN browser or MSN Instant Messaging or what?
1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Anyway, when I was following your suggestions just now, the Windows Security suite said there was already an antiVirus up and running and reporting everything OK! Yep, this Avira thing. But there's nothing in the system to do with Avira that I can see.

Try running Belarc Advisor. It is free and will do a quick scan of the computer and give you a full picture of the computer, including programs installed. If it shows on there then there has to be a least one little file remaining. If so, then do a file search and be sure to check hidden files and folders also. If something is found you can then remove it.
Now for your auto starts; I recommend CodeStuffStarter to control these. You can use it for both the Start Up programs and also Services too. Very easy to use.
Here are those items that you can safely disable auto starts;

Remind_XP.exe...HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list

Recorder.exe...records all kinds of sound from sound card with high quality. It records the sound from other Windows applications with CD quality. It also supports to record sound from microphones, line-in, Cassette Tape, Video Tape and more input devices (am not familiar with the program but would …

I will go through the start ups and note the ones that can be disabled and get back on that shortly with instructions how to do so but FIRST and foremost, I don't see an anti-virus program or a firewall running on the system. These are absolute MUSTS today.
You can use the built in Windows firewall, I do. Many disagree with it since it only is a "one way" firewall, just stops invaders but doesn't stop your computer from sending out...my feeling is, if the Windows Firewall stops things from coming in then there won't be anything going out. But this is your choice, there are several good FREE firewalls many recommend;
ZoneAlarm Free - - Probably the most popular free choice.
Comodo Firewall Version 3.0 - - Quite possibly the best Free choice!
PC Tools Firewall Plus™ 3.0 for Windows® - - Another solid Free option!

For anti-virus programs;
AVG Free Edition

• AntiVir® Personal Edition Classic

• Avast! Home Edition
Your Java is also out of date. Current version is 6 update 7. I would update that AFTER you install the anti-virus program and firewall.
I will go through the rest of the log and let you know what and how to disable from auto starting.
Judy

You should begin with all the steps on this sticky
Once you have completed all the above steps then post back here with all the requested logs.

Do me a favor, go back into msconfig and re-enable everything that you disabled. Can't tell you what or how to turn off an auto start unless I know what they are. msconfig should really be used only for troubleshooting not for permanent turn off. I can give you a couple of GOOD FREE programs to use to control auto starts but need to see all of them first.
Re-enable them and then run me a new HJT scan and I can tell you what and how to do it.
Judy

How about trying to do the AVG scan in Safe Mode?

For the computer I would suggest you do the steps contained here Read me before posting a request for assistance When you have completed the steps then come back here and post the logs.
For the flash disk you might try this http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Have you tried updating video drivers and other hardware? 512MB of RAM isn't a lot if you are doing a lot of gaming. File sharing can be a dangerous thing too. Are you scanning ALL of these files for possible viruses, trojans and malware?

IM not dumb enough to click install the antispyware SIR..... And I dont mean that yahoo one, the "fdkowvbp" toolbar..

Obviously you felt I meant to insult you, I did not. It is a warning one normally gives, especially because so many people DO click install.
By the way, I am NOT a SIR.
Your fdkowvbp toolbar is indicative of a FakeAlert or Smitfraud Infection, your QXK Olive toolbar is indicative of a Zlob infection, your Megaupload Toolbar is also one very much a subject of debate as to whether it is safe or not. You have two entries indicative of Adware.Agent malware and you have the Trojan-Downloader.Win32.Agent loading as a start up service.
These are just SOME of the infected items showing in the HJT log, there ARE more and chances are there are many, many more which do not show. If you want to get the computer clean then begin by running the programs in the link I gave you. Be sure to TURN OFF Spyware Doctor, BitTorrent, Yahoo Messenger until this computer is clean. All are unnecessary and should not be running while clean up is taking place.
Your Java is out of date. Current version is version 6 update 7.
You also do not appear to be running a firewall, which is very important, especially since your system is definitely infected with at the very least one trojan downloader and very possibly more.

You have also left off the top …

First of all, for heaven's sake DON'T click to install that antispyware the pop-up offers. If by the toolbar, you mean that Yahoo one, I would be annoyed also.
We recommend you begin with all the steps on this sticky Read me before posting a request for assistance

Follow all those steps, saving any requested logs. When you have completed all the steps then post back here with all the requested logs.
There are signs of infection in your HJT log. These steps should take care of much of it. Give us those new logs and we can decide if other steps are needed.

Judy

What anti-malware program did you run? Do you have THAT log? If so we need to see that also. We also need more information on the computer itself, hard drive size, how much RAM is installed?
You have a LOT running at start up and running in the background which could affect the ability of the computer to run resource intensive programs. I don't see an onboard antivirus program running? Where is it and what is it? This is an ABSOLUTE MUST. Your logs also do not show any firewall, also an absolute must. Are you using the built in Windows Firewall or No firewall?
You have also left off the top portion of the second log...the part that reads like this;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:35 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

That needs to be posted each time also as it gives the time the scan was done and vital information on the computer.

When you say scan this flash do you mean a flash drive or flash download or what?
What are you using for a scan? How are you deleting it? Are you using the scan program to clean it or are you just deleting? If you are just deleting the folders created then that means you are not deleting the trojan, just the files created by it. You will have to remove that actual trojan itself and the containing file too in order to stop it from creating files. Remember, many of these nasties create OTHER copies of themselves in other places on the computer, those have to be removed also. Many also require special programs AND specific steps to guarantee total removal.
Please post back with more information...especially flash what? Also, what is the name of the trojan, where is it actually located?

For one thing, turn off that Spybot TeaTimer. It truly causes more trouble than it is worth.
Please check the following are started:

1.Automatic Updates
2.Background Intelligent Transfer Service (BITS)
3.Cryptographic Services
4.Remote Procedure Call (RPC)
5.System Restore Service

To verify that BITS is correctly configured :

1.Double-click `Background Intelligent Transfer Service.`

2.In the Startup type box, click Manual, and then Apply.

3. Click the `Log On` tab, and then verify that the service is enabled in
every hardware profile that you have listed.

If the service is disabled in one or more hardware profiles, click the
hardware profile, Enable, and then Apply.

4. Click the General tab and then Start.

If BITS starts successfully, visit the Windows Update Web site or the
Microsoft Update Web site to see if you can obtain updates. If it works OK,
change (2.) to automatic
-
If you still receive the same errors, verify that you have correctly
performed steps 1 through 5.

Please check the following are started:

1.Automatic Updates
2.Background Intelligent Transfer Service (BITS)
3.Cryptographic Services
4.Remote Procedure Call (RPC)
5.System Restore Service

To verify that BITS is correctly configured :

1.Double-click `Background Intelligent Transfer Service.`

2.In the Startup type box, click Manual, and then Apply.

3. Click the `Log On` tab, and then verify that the service is enabled in
every hardware profile that you have listed.

If the service is disabled in one or more hardware profiles, click the
hardware profile, Enable, and then Apply.

4. Click the General tab and then Start.

If BITS starts successfully, visit the Windows Update Web site or the
Microsoft Update Web site to see if you can obtain updates. If it works OK,
change (2.) to automatic
-
If you still receive the same errors, verify that you have correctly
performed steps 1 through 5.

Win32.Renos is an executable with DLL or EXE extension, located in Windows, Windows System or in a root folder of C: drive, this file can be safely deleted or renamed.
You should really follow the steps shown in this sticky Read me before posting a request for assistance
and PLEASE note THIS instruction;

You will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved.

The reason it is recommended doing AFTER you are certain that the computer is clean is that very few people can be absolutely certain of the date and time of infection. Plus using System Restore as a way of cleaning infection is just not recommended.
Follow all the steps given in the sticky. When you have completed the steps given then post back here with the requested logs.

It is recommended that you follow the steps in this sticky first;
Read me before posting a request for assistance
Once you have completed all those steps then come back to this thread with the requested logs and post those, then we can better help you.
Give us some more information about the computer also...hard drive size, how much RAM, etc.

Is this a new problem or has this always been the case? We need more information on the computer...make, model, operating system. Does this happen with everything or only online? Have you timed this...meaning does it happen always in the same length of time each time?

Upload the file to Jotti's malware scan and you should get an answer. They scan with multiple scanners to check suspicious files.

by mistake, i downloaded some file and ran it.

This doesn't tell us much...what file, where did you download it from, what did it do what you ran it?

1. Download SmitFraudFix. by SiRi and save it to your desktop! This tool only works on (WinXP, Win2K).

2. Please download Malwarebytes' Anti-Malware to your Desktop or to your usual Download Folder.
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

3. Next step is to reboot into Safe Mode like so:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8
* A menu should appear
* Select the first option, to run Windows in Safe Mode
* …

WHO knows you are online? How do you actually KNOW this? You have to have some proof of this.

Lordy! Didn't even look at the original date!

Your problem is more than likely caused by the fact that you have THREE anti-virus programs running on the computer...at least a portions of Ewido Security Suite, and also Norton and Avast. The absolute rule is ONE anti-virus program on a computer. Pick ONE and totally UNINSTALL the others. Your choice. But be sure to UNINSTALL via Add/Remove, DON'T under any circumstances just delete them. If that Avast file shows as missing then it probably means that you attempted to uninstall but did not. You must do it the correct way otherwise portions of programs remain and cause problems.

Once you have done the uninstalls then REBOOT the computer. Delete the OLD version of HiJackThis that you have and download the newest version from HERE Be sure to install it to a folder of it's own. To do this create a new folder by right clicking on the desktop and choose New Folder. Then Rename the Folder HJT.
Download the new version of HJT to this folder and then run a new full system scan. Post back here with that new log.
You need to run a new scan with the newest version of HJT because there IS malware showing on the present log.

What anti-virus program are you using? What firewall?
What happens when you try to get to Windows Update? What happens when you try to open the Control Panel?

Frankly see no evidence of Vundo on the computer. This really isn't a needed tool unless it is actually seen at this point.
Funware and Starware also are not noted anywhere in the log so possibly Spybot removed them.
Look in Add/Remove for both, if you find them then UNINSTALL.
Starware is generally a toolbar and Funware can be anything from smiley's to toolbars.
I don't see an anti-virus program on the computer, this is an absolute MUST.
Try these steps to help begin clean up the computer;
Download the ATF-Cleaner by Atribune to the desktop.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Also download Malwarebytes' Anti-Malware to your desktop
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full …

I agree with amrith92. But you are running an extraordinary number of programs at start up and therefore in the background all the time and many of these could be run manually when needed. This could certainly slow the computer.
Have you done a basic clean up...temp files, defrag, etc.?
I also see you are running AVG8, many folks, myself included, found this slowed the computer considerably. Did the slowness begin with the update to AVG8?

I don't see any signs of infection but you do have a large number of unnecessary programs running. Also I ask again, how are you connected to the internet?

How are you connected to the internet? You have an awful lot of programs running in the background and a lot of unnecessary auto starts too. I see you are running Norton 360. Norton programs, while very good usually, can slow the computer. Is the computer only slow when online?

I would recommend that you do the following;

Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Also Please downloadMalwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Once you have done those steps then Please Download Deckard’s …

Hello, Have used this site many times while searching for anti-malware answers and have had good results. PhilliePhan recommended that I join and offer my help so here I am. I love computers. I am a 62 year old grandmother of 4, retired school cafeteria manager. Got my first computer, a Gateway with Windows 95, over 12 years ago. I am on my third computer now and love computers as much as I did the first day I set up that first Gateway.
What little I know about ridding computers of malware, viruses and the like I learned on several sites much like this one. Had some great teachers over the years, hopefully I will do them justice!
Happy to be here.
Judy