Expert: Brian Benosky - 10/21/2011

Question
QUESTION: I read your instruction above regarding the HiJackThis install but when I attempt this I get a warning window that it may have viruses and isnt signed, etc.  This worries me.  Is it okay to install this without having backlash?
My PC was running slowly and in the Task Manager it would indicate that "HP Agent something" was "not running".  When I googled the HP Agent there was a mass listing of how to keep it from your PC b/c it allows ppl to access your wireless.  I went into Start, Run, msconfig and removed it from the Startup Common.  My PC doesnt seem to be any better and I dont know if in the General Tab of the System Configuration Utility should be "Normal Startup" or "Selective Startup".  Anything you can help me with would be muchly appreciated.  Im trying to run a business on this PC.

ANSWER: Hi Gwynyth

HP Agent is a utility which checks for updates of your computer's firmware, software, and drivers.  It's not a program you need running at all times, but it is not harmful.  As an alternate method for starting the HP Update utility, you may click Start , and type Update in the Search field. When HP Update entry appears, select it, and run your HP Updates, if any.
Generally, you use Normal Startup, unless you do not want certain programs to load automatically on boot.  In that case, you would uncheck the programs you don't need, and use Selective Startup from that point on.  
My concern for you is the warning popups you are getting from HijackThis, and also the fact that you say your computer is running slowly.  I'd like for you to run a full scan as follows:

Restart the computer while tapping the F8 button continuously until a menu screen appears.  Choose to Boot Windows into Safe Mode With Networking.  Once in safe mode, open a browser and download Malwarebytes' Anti-Malware to your desktop from here:

http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end of the install, Malwarebytes will perform an update to it's definitions.
* Once the program has loaded, select Full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* Reboot the computer normally.
* When completed, a log will open in Notepad.  Please save it to your desktop.

Copy the Malwarebytes log and paste it to me in a follow-up.

Brian

---------- FOLLOW-UP ----------

QUESTION: Thanks for your help, Brian.  Here are my scan results.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7987

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

10/20/2011 1:26:05 PM
mbam-log-2011-10-20 (13-26-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 247741
Time elapsed: 27 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I hope this makes sense for you.
Gwynyth

ANSWER: Hi Gwynyth

There were a few infections in the Windows registry which Malwarebytes' removed.  It looks like your AntiVirus notifications were disabled.  I suggest updating your virus definitions now and running a full scan with your AV program.  If things are still running slow after that, I suggest you download CCleaner from here:
http://www.snapfiles.com/get/ccleaner.html
Install the program, Click the Analyze button, then once all the junk files are found, click the Run Cleaner button.  That will delete temporary and junk files which slow down your computer.  It is very safe and will not delete anything you need.
And if you need further assistance, or have any questions, just let me know.

Brian

---------- FOLLOW-UP ----------

QUESTION: Thanks Brian, I will try just that.
However, I dont know what a virus definition is, much less how to update it.  And then I wouldnt know how to run the scan with the program?
I had a windows security alert that pops up on my base bar every single time I logged in and I guess in trying to stop that from happening I disabled the notification.  I have a program installed called Windows Defender.  Isnt that an antivirus program?  
Im a little challenged in the computer dept. and greatly appreciate your patience and assistance.
Gwynyth

Answer
Hi Gwynyth

Sorry for the delay in getting to your questions.  Windows Defender is not an Antivirus, but an Antispyware.  They are similar, but an Antivirus offers protection against more serious trojan and rootkit viruses.  All computers need to use an Antivirus program.  I recommend Avira Free Antivirus which is lightweight for use on all computers, yet offers powerful protection.  Read more and download here:

http://download.cnet.com/Avira-Free-Antivirus/3000-2239_4-10322935.html?tag=drop

Brian