dreadfully slow computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by firstphantom, May 15, 2005.

  1. firstphantom

    firstphantom Private E-2

    I have been working on my nephew's computer all day and have run all steps listed in the "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal" log.

    The programs cleaned up quite a few problems but there seem to be other problems as it is still quite slow coming up. When in safe mode there are 2 accounts: Administrator and Jessica. When booting up regular there are 2 accounts: Kevin and Jessica. I ran all jobs that were required in safe mode under the Admin ID. I ran all other jobs under Jessica's regular ID.

    I have attached the HijackThis log which I ran under Jessica's ID in regular bootup, not safe mode.

    If anyone can help it would be much appreciated.

    Thanks,
    gary...
     

    Attached Files:

  2. firstphantom

    firstphantom Private E-2

    I now have gotten hold of the details. The machine is a Dell Dimension 2350 with Windows XP home edition and service pack 2.

    These jobs were run under Administrator ID in safe mode:

    1. TrendMicro. I checked auto Clean and Scan. Came out clean.

    2. Symantec Security - Virus detection. Came out clean.

    3. Stinger. Came out clean.

    4. CCleaner. Came out clean.

    5. Adaware SE w/ VX2 Cleaner Plugin. Found and removed bugs. Plugin = System clean.

    6. Spybot - no threats found.

    7. CWShredder (FIX) None infected.

    8. Kill2Me - Removed.

    9. about:Buster - No ADS found on system.

    10. HSRemove - 8 items removed. Removal complete.

    11. Bit Defender:
    ---------------------------------------------------------------------
    c:\doc and settings\kevin\start menu\progrms\startup\PowerReg Scheduler V3.exe

    Status: Detected with ApplicationAdware.PowerReg.3.0
    Disinfection failed
    Deleted

    ---------------------------------------------------------------------
    c:\RECYCLER\s-1-5-21-...etc.../Dc28.exe=>wise()0008

    Status: Infected with:Trojan.Downloader.VB.AH
    Disinfection failed
    Deleted

    --------------------------------------------------------------------
    c:\RECYCLER\s-1-5-21-...etc.../Dc28.exe

    Status: Update failed

    ---------------------------------------------------------------------
    c:\RECYCLER\s-1-5-21-...etc.../Dc29.dll

    Status: Infected with: Trojan.Downloader.Agent.LI
    Disinfection failed
    Deleted

    ---------------------------------------------------------------------
    c:\RECYCLER\s-1-5-21-...etc.../Dc30.EXE=>wise0008

    Status: Detected with: Adaware.Wheaterbug.A
    Disinfection failed
    Deleted

    ---------------------------------------------------------------------
    c:\RECYCLER\s-1-5-21-...etc.../Dc30.EXE

    Status: Update failed

    Your computer is still infected.


    12. RAV Antivirus Online Virus Scan - In normal mode user=Kevin


    LOG FOLLOWS:

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\Program Files\EarthLink
    5.0\jessicaburik@earthlink.net\mailbox\003.msf->(Invalid#1*) - MIME/Invalid#1 -> Suspicious
    C:\Program Files\EarthLink
    5.0\jessicahorn@earthlink.net\mailbox\004.msf->(Invalid#1*) - MIME/Invalid#1 -> Suspicious
    C:\RECYCLER\S-1-5-21-2774877530-1326931927-2212647325-1009\Dc28.exe->[wise.8]
    - TrojanDownloader:Win32/VB -> Infected

    Scanned
    ============================
    Objects: 54783
    Directories: 5123
    Archives: 3347
    Size(Kb): -1335307
    Infected files: 1

    Found
    ============================
    Viruses found: 1
    Suspicious files: 2
    Disinfected files: 0
    Mail files: 177



    13. Trojan Scanner:

    c:\documents and settings\jessica\icon\icon,exe

    Diagnosis: Trojan.Win32.VB.qg
    ----------------------------------------------------------------------

    c:\documents and settings\kevin\cookies\kevin@2of7[2].txt

    Diagnosis: Trace.Traxking Cookie
    ----------------------------------------------------------------------

    c:\documents and settings\kevin\cookies\kevin@tribalfusion[2].txt

    Diagnosis: Trace.Traxking Cookie
    ----------------------------------------------------------------------

    c:\windows\extract.exe

    Diagnosis: Trojan.Win32.Imiserv.c
    ----------------------------------------------------------------------

    4 malware detected


    14. A Squared - removed c:\windows\extract.exe

    15. ADS Spy - found 0 ADS's


    System takes well over a minute once the desktop displays and opening any application takes 10 seconds including START - MY COMPUTER...
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a fresh HJT log and we will go from there.
     
  4. firstphantom

    firstphantom Private E-2

    I am not sure if each account produces a unique hijackthis log, so I ran it under both accounts and attached the 2 files here. HijackThis was run in regular mode, not safe mode.

    Thanks for your time. It's much appreciated.
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This is for jessicaMonday-hijackthis.log

    Scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\WINDOWS\SYSTEM\blank.htm

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot, Scan with HijackThis and attach the new log.


    This is for kevinMonday-hijackthis.log

    Scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot, Scan with HijackThis and attach the new log.
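
Added example (not part of the original thread, and not code from MajorGeeks or HijackThis): a small Python parser for the registry-backed HijackThis lines quoted in the post above, showing why each account needed its own log. HKLM entries are machine-wide and show up under either login, while HKCU entries belong to whichever user ran the scan. The function and variable names are this example's own.

```python
import re

# Fix lists copied from the post above (Jessica's log, then Kevin's log).
JESSICA = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""
KEVIN = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""
# "<section> - <hive>\<key>[,<value name> = <data>]" or "... <key> present"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<hive>HKLM|HKCU)\\(?P<rest>.+)$")

def parse(log):
    """Return (section, hive, key, value_name, data) for each registry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, headers, non-registry sections
        rest, value, data = m["rest"], "", ""
        key = rest
        if " = " in rest:                      # R0/R1 style: key,value = data
            left, data = rest.split(" = ", 1)
            key, sep, value = left.rpartition(",")
            if not sep:
                key, value = left, ""
        elif rest.endswith(" present"):        # O6 style: the key merely exists
            key = rest[:-len(" present")]
        entries.append((m["section"], m["hive"], key, value, data))
    return entries

def compare(log_a, log_b):
    """Separate machine-wide (HKLM) findings from per-user (HKCU) ones."""
    a, b = set(parse(log_a)), set(parse(log_b))
    hkcu = lambda s: sorted(e for e in s if e[1] == "HKCU")
    return {
        "machine_wide": sorted(e for e in a | b if e[1] == "HKLM"),
        "hkcu_in_both_profiles": hkcu(a & b),  # must be fixed under each login
        "hkcu_only_a": hkcu(a - b),
        "hkcu_only_b": hkcu(b - a),
    }
```

Calling `compare(JESSICA, KEVIN)` shows one shared HKLM start-page entry, the O6 policy key present in both profiles, and three HKCU entries that exist only in Jessica's profile.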
     
  6. firstphantom

    firstphantom Private E-2

    I followed your instructions for both IDs and you will find the log files attached.

    Some things I noticed, and I don't know if it will help...

    1. After running CCleaner under Jessica's ID, I clicked the "check for updates now" link and went to their website via Firefox and was told I had the latest version. I closed Firefox and reran CCleaner. It deleted:
    c:\doc+settings\jess\ApplicationData\macromedia\flashplayer\macromedia.com\support\flashplayer\sys\settings.sol

    It also removed the following cookies:
    google.com
    tribalfusion.com
    atdmt.com

    2. Same thing. After running CCleaner under Kevin, I clicked "update" link, closed Firefox, reran CCleaner. It removed Cookies:
    fastclick.net
    tribalfusion.com
    atdmt.com

    I don't know if the info is pertinent, but I thought I'd include it in case it helps.

    Lastly, all boxes were checked under cleanmgr.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Both of your HJT logs are clean!

    Are you having any further problems?
     
  8. firstphantom

    firstphantom Private E-2

    Things are much, much better than they were. It is still slower than it should be, though, and I will take a look at the forum on optimizing the computer. Thanks much for all your help. It is greatly appreciated.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    You should see this article on How to Protect yourself from malware!
     
