1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pop-Ups! out of control

Discussion in 'Windows - Virus and spyware problems' started by JFLrebel, Mar 4, 2006.

  1. JFLrebel

    JFLrebel Guest

    Ok so i get like 100's of pop-ups every 5 minutes, it gets to the point were it freezes my computer constantly, i have 3 scanners one being norton anti-virus and windows defender, both delete over 1000 adware, spywares every scan and i have scanned 5 times in the last two days. they seem to keep coming back, they both say somthing about a trojan that niether one can delete called unin.exe or somthing like that, i have searched all over the net and cant seem to find a way to delete it, i also keep getting a message from windows saying i have a blackworm virus breach?
    someone please help me, here is my hijackthis log, thanx

    Logfile of HijackThis v1.99.1
    Scan saved at 2:02:31 PM, on 3/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Media\My Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.hightimes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...RD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
    O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
    O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
    O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\system32\Tagasuarus7.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ziru] C:\PROGRA~1\COMMON~1\ziru\zirum.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\l6j8lg1u16.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     
  2. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi JFLrebel, I am working with your log and I'll post you back soon.
     
  3. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi again JFLrebel, you have some malware infections on your computer.
    Please follow these instructions carefully.


    Cleaning instructions

    Move HijackThis to its own folder C:\HJT.

    Disable Microsoft Defender (it may hinder the cleaning process).

    1. Download Look2Me-Destroyer to your desktop -> http://www.atribune.org/ccount/click.php?id=7 Do NOT run it yet.

    2. Download Intermute's CWShredder to your desktop -> http://cwshredder.net/bin/CWShredder.exe Do NOT run it yet.

    3. Update Ewido. Do NOT scan yet.

    4. Go to the Control Panel -> Add or remove programs -> Find BearShare and remove it. BearShare may contain spyware so you should replace it with a clean program.

    5. Close all windows before proceeding.
    ->Doubleclick Look2Me-Destroyer.exe to run the program
    ->Check Run this program as a task option.
    ->You get a message: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
    ->When Look2Me-Destroyer opens again click Scan for L2M option, your desktop icons will disappear for a seconds but it is normal.
    ->When scanning is ready, click Remove L2M option.
    ->When you get the message Done Scanning, click OK.
    ->When ready you'll get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, Click OK.
    ->Your computer will shutdown..
    ->Restart your computer.
    If your firewall alerts about connections to this program, allow those.

    (IF you get runtime error '339', download MSWINSCK.OCX from the following link and place it to the folder C:\Windows\System32
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
    Try again)

    6. Restart your computer to the safe mode (Press F8 button when computer is starting)

    7. Make your hidden files visible:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Show hidden files and folders.

    8. Run CWShredder

    9. Run HijackThis and fix these entries (if found) (do a system scan only, check entries, close all other windows, press Fix checked).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
    O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
    O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
    O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\system32\Tagasuarus7.exe
    O4 - HKCU\..\Run: [ziru] C:\PROGRA~1\COMMON~1\ziru\zirum.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll


    10. Delete these (if found):

    C:\Program Files\-->BearShare<-- Entire folder
    C:\\-->keyboard.exe<--
    C:\\-->mousepad.exe<--
    C:\\-->gimmysmileys.exe<--
    C:\WINDOWS\system32\-->qwinkrag.exe<--
    C:\WINDOWS\system32\-->loadadv64<--
    C:\WINDOWS\system32\-->Tagasuarus7.exe<--
    C:\PROGRA~1\COMMON~1\-->ziru<-- Entire folder
    C:\WINDOWS\system32\-->qwinkrag.exe<--
    C:\WINDOWS\system32\-->wdc1n.dll<--

    11. Empty the Recycle Bin

    12.Make your hidden files invisible again:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Do not show hidden files and folders.

    13. Scan yor computer with Ewido and save the log file.

    14. Restart your computer normally.

    15. Run HijackThis and post its fresh log and Ewido's log to here. This is important because your computer may not be clean yet.

    Now you can enable Windows Defender.

    PS. You have many programs starting when you start your computer and if you want to make your computer (especially the start) faster, you can fix these entries with HijackThis.

    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     
    Last edited: Mar 4, 2006
  4. JFLrebel

    JFLrebel Guest

    hey thanx man u were a great help, i still get one or 2 pop ups here and there but the bulk of it is gone, again thanks, and here is my hijackthis log and ewido log just in case


    Logfile of HijackThis v1.99.1
    Scan saved at 10:44:13 PM, on 3/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Media\My Programs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hightimes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...RD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    and here is the ewido log

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:36:54 PM, 3/6/2006
    + Report-Checksum: C7B7863E

    + Scan result:

    C:\WINDOWS\Temp\Cookies\jfl@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jfl@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\JFL\Local Settings\Temp\Cookies\jfl@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP21\A0010260.exe -> Adware.SurfAccuracy : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP24\A0010876.dll -> Adware.CommAd : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP26\A0013937.dll -> Adware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP26\A0013938.dll -> Adware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP26\A0013939.dll -> Adware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP26\A0013940.dll -> Adware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP26\A0013942.DLL -> Adware.Look2Me : Cleaned with backup
    D:\Media\Downloads\[PC GAME - ENG ITA] Resident Evil 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    D:\Media\Downloads\Resident Evil 2 - Leon And Claire Discs.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    D:\Media\Downloads\Resident Evil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup


    ::Report End
     
  5. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi JFLrebel, your logs are now clean.

    But you still have some pop-ups...

    Lets try this: Download [bold]F-Secure Blacklight[/bold] to your desktop. ->
    http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

    Run a scan with it. [bold]Do NOT REMOVE or RENAME[/bold] anything yet.

    A log will appear to your desktop. (named fsbl******.log or something)
    Post it to here.


    PS. You have many programs starting when you start your computer and if you want to make your computer (especially the start) faster, you can fix these entries with HijackThis.

    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

     
    Last edited: Mar 7, 2006
  6. JFLrebel

    JFLrebel Guest

    the program found no hidden files and i dont get anymore pop-ups cuz google toolbar kills em all so everything is fine now and i took you advice, startup is much faster now thanx for all your help!
     
  7. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Ok, that is great and you are welcome ;)
     
  8. JFLrebel

    JFLrebel Guest

    One more question bud, i got my laptop like three weeks ago and somtimes it runs slow as hell, its good after bootup but things like internet explorer and microsoft word freeze up if i let them sit for awhile ex. i might minimize a site and go back to it like 10 mins later and when it tries to bring it up it will run slow for a couple mins and i have to let it catch up then it runs good for awhile and then the same thing, usualy freezing up my computer to were i have to wait for windows to shut everything im running down, which takes for ever before i can start opening back up programs, is there anything i can do about this i mean its a brand new computer, or is that just this wonderful OS im running called windows XP?
     
  9. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    It is a laptop so one possibility is that some powersaving-mode starts when you are not using it and it slowers the processors speed etc.

    Try to adjust those power settings, it may help.
     

Share This Page