Hi, I hope you can help me with what seems to be a virus problem.

My system is running slowly right now and there have been some strange goings-on, such as my firewall removing itself and my internet connection speed acting very sluggishly. I have a variety of virus and spyware programs (listed below) but only two of them found any problems. Anti-Trojan 5.5 found a couple of problems (see further below) which it says it fixed. eTrust Pest Patrol finds ‘CnsMin’ and an ‘Un-named Trojan’ (in hkey_local_machine\software\microsoft\windows\curr entversion\run). However, I cannot fix these errors because I only have the trial version. Is this a real problem worth buying the licence for? I only ask because nothing else finds this problem…SpyBot refuses to update (‘Bad checksum!’) but always finds the same problem (Microsoft.WindowsSecurityCenter_disabled), which it claims to fix.

I followed your prefix suggestions but I'm unable to install AVG Anti-Spyware. It's been stuck at the half-way point of installation for the last 5 minutes. This is not good, especially since I had to remove eWido before starting installation...

Protection Programs on my machine:
eWido anti-spyware (not any more!)
SpyBot SD
eTrust Pest Patrol
AVG Free
Ad-Aware SE
Spyware Doctor
Spyware Blaster
Registry Mechanic
Sunbelt Kerio Personal Firewall
Anti-Trojan 5.5
Msblastremover.exe
Anti Spyware 2005 (by Checkflow software)

I’ve just ordered McAree’s complete package.

As well as my machine running slightly sluggishly, it seems that I also cannot burn with Nero anymore?!

--------- RESULTS FROM ANTI-TROJAN 5.5 SCAN--------------------

Portscan:

Port 80 open. Possible trojans. Webserver (possible Trojaner: Executor)
Port 135 open.
Port 443 open.
Port 445 open.
Port 1025 open.
Port 1027 open.
Port 1029 open.
Port 1030 open.
Port 1031 open.
Port 1032 open.
Port 1034 open.
Port 1036 open.
Port 4000 open.
Port 8081 open.
Port 10110 open.
Port 43242 open.
Port 44334 open.
Port 44501 open.

Registry-Scan:

Drive-Scan:


The following drives/folders have been scanned
c:\
Trojans found: I-Worm.Brit.b
Path: c:\Websites\PACKAGE TWO SITES\1FunCasino\dload_help\images\roulette.jpg
Trojan removed!



The following drives/folders have been scanned
d:\


The following drives/folders have been scanned
e:\

Number of scanned files: 163720

Number of found trojan files: 1

End of search: 28/12/2006 11:22:02

Finished searching.
A restart is necessary to remove all trojans. Please click on the Restart button to shutdown your computer.

---------------------ENDS ANTI-TROJAN SCAN--------------

...Hijack This report to follow...

Logfile of HijackThis v1.99.1
Scan saved at 12:02:40, on 28/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService. exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
E:\Program Files\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
E:\Program Files\eTrust Internet Security Suite\caissdt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Anti-Trojan-55\ATWatch.exe
C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Tiscali UK. Information, entertainment, broadband, email and internet access.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Abel Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [eTrustPPAP] "E:\Program Files\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CaISSDT] "e:\Program Files\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.abelgratis.co.uk
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: FlowProtectorService - Unknown owner - C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService. exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

A security analyst will be along soon to help you.

Hi cwebs

Welcome back to PCHF

If you can bear with us for a short while until either Chia or Pancake can take a look it would be appreciated.

Sure, I'm ready when you are!

Thanks for the welcome back, shame it's for the same reason as before

I seems to me that you have far to many anti virus programs running.It may be that this is your slow down problem.I would disable them all and see if there is an improvment and also do a cleanup with this...and also do a defrag.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.