I have been reading that the number of processes can slow down the broadband speed and mine is very slow I have 45 processes running,don,t know where they all came from,nor which ones I really need.I run wk2 Pro I have a 60 gig hard drive (one of two drives) and a 2.15 gig processor.There is plenty of memory left so the problem has to be somewhere else.I run Trend Micro every day to check for viruses and hijackings.Can someone please advise if I am indeed having this problem because of the number of processes running.

In my signature is Panda and ewido. Do those two scans and paste the log files if anything found...ewido first.

Hi Spider I posted the log but got the display, that I have posted too many images,not sure what that meant as I only posted the log ,which was apparently 2400 characters long so I took off some words to shorten it but it had no effect as it hasn't appeared.
lcyber
P S
ewido found 138 attacks

Incident Status Location

Adware:adware/oemji No disinfected Windows Registry
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\gaming.exe
The ewido log contained too many characters so it says.So I can,t post it
Please advise,shall I do it in two parts
lcyber

C:\WINNT\Downloaded Program Files\gaming.exe
Delete that file.

The ewido log contained too many characters so it says.So I can,t post it
Please advise,shall I do it in two parts
lcyber
Cookies section isn't important to post the log of (kill cookies at ewido yes), but do
post the rest even if it takes 5 posts.

Name: Spyware.Alexa
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High

Name: Spyware.Alexa
Path: HKU\S-1-5-21-1292428093-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High



Name: Spyware.AlexaBar
Path: C:\Documents and Settings\Administrator\Desktop\setup.exe
Risk: High

Name: Spyware.AlexaBar
Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y1A94T67\spydb[1].exe
Risk: High

Name: Spyware.AlexaBar
Path: C:\Documents and Settings\Administrator\My Documents\AlertSpy\SpyWares\spydb.exe
Risk: High

Name: Spyware.AlexaBar
Path: C:\Documents and Settings\Administrator\My Documents\AlertSpy\uninst.exe
Risk: High








Name: Spyware.AlexaBar
Path: D:\material\My Documents\AlertSpy\SpyWares\spydb.exe
Risk: High

Name: Spyware.AlexaBar
Path: D:\material\My Documents\AlertSpy\uninst.exe
Risk: High

Here are the ewido stats Spider without the cookies,
Thanks lcyber

Run CoolWebSearch (http://www.trendmicro.com/cwshredder)
reboot
return to ewido and delete everything it finds.

Thanks Spider I ran CoolWebsearch which came clear and followed this by deleting all on Ewido.
When I was directed to Test the system for other Spyware (I E got shut down by shredder and I was directed to Mozilla but got the yellow Alert!"connection was refused when attempting to contact the proxy server you have configured please check your proxy settings.How do I do this
lcyber

Reset your home page in Internet Explorer to http://search.msn.com or http://www.google.com

Tools
Internet Options...
General(tab)
Home page
Address: http://search.msn.com
click Delete Cookies...(button)
click Delete Files...(button)
click Clear History(button)
then
Security(tab)
click Default Level(button)
then
Privacy(tab)
click Default(button)
then
Connections(tab)
LAN Settings...(button)
uncheck Automatically detect settings
OK(button)
then
Advanced(tab)
scroll to the bottom and put a checkmark on Empty Temporary Internet Files folder when browser is closed
OK(button)

Reboot

How do I delete the gaming .exe file and the Adaware?These wewre revealed by Panda but in order to delete them I need to buy Panda software it seems
lcyber

How do I delete the gaming .exe file
You would just delete it.

Have you a computer savvy friend that you can get to do these instructions above?

Thanks Spider I am able to delete it but my problem is Finding where it is!

Hi Spider I followed your instructions and checked them over three times but the result is the same.I am still unable to connect to Mozilla as "connection was refused etc. check your proxy settings comes up again"

Reboot and press F8 key at one second intervals while computer is starting
and select Safe Mode with Networking to boot to.

I am able to delete it but my problem is Finding where it is!
Start
Run...
type explorer "C:\WINNT\Downloaded Program Files"
delete gaming.exe

Start
Run...
type notepad c:\winnt\system32\drivers\etc\hosts
copy all of it and paste here please.

Reboot and press F8 key at one second intervals while computer is starting
and select Safe Mode with Networking to boot to.


Start
Run...
type explorer "C:\WINNT\Downloaded Program Files"
delete gaming.exe

Start
Run...
type notepad c:\winnt\system32\drivers\etc\hosts
copy all of it and paste here please.

Hi Spider

I did that and firstly gaming.exe doen't appear in the list of Downloaded Program Files !There are two identical unnamed files that are {32564D57-0000
so it may be one of those two.

In Safe mode I couldn,t get internet connection or the printer working but the only entry in Hosts notepad was...127.0.0.1 local host.

I repeatedly get the display ,svchost.exe has generated errors and will be closed.You will need to restart the program,error log is being created.I had this display come up about five times doing these tasks
lcyber

lcyber

I did that and firstly gaming.exe doen't appear in the list of Downloaded Program Files !There are two identical unnamed files that are {32564D57-0000
so it may be one of those two.
Delete anything called gaming anywhere on C:
I repeatedly get the display ,svchost.exe has generated errors and will be closed.
You'll need to burn this to a CD. SP4 update for Windows 2000 129Mb (http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d0-a0c5-241bfecd095e/w2ksp4_en.exe)
You'll also need this W32.Blaster.Worm Removal Tool (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html) and FixBlast tool (http://securityresponse.symantec.com/avcenter/FixBlast.exe)
Boot to Safe Mode and run the two tools
reboot
install SP4 update

My Nero burn process keeps failing,don,t know why Is there some way round this.Can I run these two tools in safe mode ,will they be accessible in safe mode? and can I install SP4 update after I,ve run the two tools? I have a Ricoh disc burner MP724OA 24x10x40x ,my burn process started at 20x 3,000KB/s Disc speed error is displayed.

Can I run these two tools in safe mode ,will they be accessible in safe mode?
Boot to Safe Mode and run the two tools
Read through the threads please.

Hi Spider I ran the two tools but Blaster worm was not,luckily, found on the pc.I was unable to burn them onto a cd so used the tools from the site direct.

In my signature is Panda and ewido. If you can pass both the scans and they report you "clean"
then go to Windows Update and install all critical updates. If those scans report infections then
save the log file from each scan and post it here.

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.Statcounter
Path: C:\Documents and Settings\Administrator\Cookies\administrator@statc ounter[1].txt
Risk: Medium

Name: Spyware.Alexa
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High

Name: Spyware.Alexa
Path: HKU\S-1-5-21-1292428093-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High

Name: Spyware.Cookie.Liveperson
Path: :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kies.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kies.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kies.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kies.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kiesnew.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kiesnew.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kiesnew.txt
Risk: Medium

Name: Spyware.Cookie.Liveperson
Path: :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gac8is0w.default\coo kiesnew.txt
Risk: Medium

Delete all those...

...and Panda?

Panda is on its way as I coud only do one at a time

standing by...

Hi Spider ,things went dead as it seemed the hard drive couldn,t be read and had to be replaced,even after the hard drive was wiped it still couldn,t be used again.I've only just got back on line.Thanks for all your help with my problem anyway,which is the reason for this post.
lcyber

Your welcome.