Followed your instructions, here are my logs

Welcome to Majorgeeks!

Please run CounterSpy again and this time have it fix/quarantine what it finds. You ignored everything last time. Attach a new log.

Also please read step 3 of the READ ME again and follow those instructions. You have AVG and Norton installed. Uninstall one NOW. This will speed things up too.

Also run CCleaner again and save a log from CCleaner and attach it here. It did not seem to clean Temp folders last time where you have a lot of junk collected.

Also now attach a new log from ShowNew after all of the above has been completed.

 

Just right click in the window pane showing the results and you will see an option to save to text file. But if you already quit the program it may be too late to look at what I wanted.

 

Just complete the other instructions!

 

Did you knowingly install each of the below and do you really need and use them? Do you really require two download managers? Before answering, don't forget that your complaint is that your PC is slow!!! And why does Twizard need to startup 3 different times??

O4 - HKLM\..\Run: [HiDownload] C:\Program Files\HiDownload\hidownload.exe
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 2 3 4 5 8 9 10 11 12 13 14 15 16 17
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [FreshDownload] "C:\Program Files\FreshDevices\FreshDownload\FD.EXE"
O4 - HKCU\..\Run: [Compete Toolbar Update] C:\Program Files\Compete Toolbar\CompeteUa.exe
O4 - HKCU\..\Run: [Compete Toolbar] C:\Program Files\Compete Toolbar\Compete.exe
O4 - Startup: Tray Wizard.lnk = C:\Program Files\Tray Wizard\TWizard.exe
O4 - User Startup: Tray Wizard.lnk = C:\Program Files\Tray Wizard\TWizard.exe
O4 - Global Startup: Tray Wizard.lnk = C:\Program Files\Tray Wizard\TWizard.exe

 

No! I just wanted you to finish the rest of the message and not worry about a Ccleaner log anymore.

 

Okay we will remove all but one.

So then can I include fixing Hidownload and Freshdownload in my fix?

 

Okay I'm working up a fix, but I need another 2 questions answered. Did you make all the below Policies and Restrictions yourself?

Are the below paid programs or free trials?
ewido anti-spyware 4.0
TELUS Spyware Detector

Answer the above ASAP and then while waiting for me to post a fix, get started on doing the below.

Uninstall the below old versions of software:
IBM 32-bit Runtime Environment for Java 2, v1.4.1
J2SE Runtime Environment 5.0 Update 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\Student\Local Settings\Application Data\Sunbelt Software
C:\MajorGeekTools\CounterSpy

 

Okay so that brings up more questions before we start removing things you may want.

Isn't this part or FreshDownload? Since FreshUI is still installed, do you use it? Do you still want to stop FreshDownload from running? Do you want to uninstall FreshUI?

Does the Telus package still work? And can you get updates for it? Since Ewido is free, it is only a scanner now and does not provide realtime blocking, so I want to know if the Telus package is providing you real time blocking of malware and whether you get updates to keep it in sync with the ever changing malware.

I going to start posting a fix anyway since I have to get to sleep because I have to be up in 3.5 hrs for work. :tired Thus I'll leave some items out of my initial fix and we can get them later if necessary.

 

Make sure viewing of hidden files is enabled (per the tutorial).

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Tray Wizard.lnk = C:\Program Files\Tray Wizard\TWizard.exe
O4 - User Startup: Tray Wizard.lnk = C:\Program Files\Tray Wizard\TWizard.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe (file missing)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/SCJohnson/Coupons.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete (if found):
C:\WINDOWS\logo1_.exe
C:\WINDOWS\zts2.exe
C:\Program Files\HiDownload <--- the whole folder
C:\Program Files\MessengerPlus! 3 <--- the whole folder

Now run Ccleaner

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

No!!!! That is the wrong approach and not what MSconfig is designed for. If you don't need something to load ever, then you uninstall it. If you need it sometimes but don't need it at startup, you either configure the program (if it allows) to not load the processes at startup or you remove the registry entries permanently. Using MSconfig still causes some lag and it can cause other issues. For one, it can cause the problems like seen in your log where things were trying to load multiple times. If you don't want something to load at startup, tell me which processes and let's talk about them.

Do you need the below Autoupdater from IBM? Can't you just do this on your own:
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

In the future, please follow steps in the order written. Now your logs will not reflect the information I expect to be in them. If your previous logs were from before uninstall FreshUI and Telus, I also need to see new logs now. It does look like HJT still shows FreshUI & FreshDownload.

I'm not sure what you mean by using Task Manager. It does not allow you to delete files or folders. It let's you run new processes. If you ran those processes that would be a bad thing to do.

Okay from your ShowNew log, I see you already uninstalled both of these!


Do you have the option in CCleaner for cleaning Temp folders checked or uncheck! I don't understand why the below folder is not being cleaned:
C:\Documents and Settings\Student\Local Settings\Temp\

Why do you have all those files saved there? Are these things you need? If so, they should not be in a Temp folder.

Please go thru your Add/Remove Programs list and tell me if there are any other programs in there that you either don't know what they are or that you don't use. It you don't use it, uninstall it.

Boot in safe mode and look for the below file and delete it! NOTE: The file name is rundl with the numbers one, three, and two after it followed by .dll

C:\WINDOWS\rundl132.dll

NOTE: You still have HijackThis installed incorrectly and UNRENAMED! Please correct this NOW!!! See step 7 of the READ ME! You have it here:

C:\Documents and Settings\Student\My Documents\Downloads\utilities\HijackThis.exe

It Must be here:

C:\Program Files\HJT\analyse.exe

 

I would prefer to try another tool first to see if the problem is some kind of quirk with CCleaner. By the way, what version of CCleaner are you running.


Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Attach a new log from ShowNew now!

Uninstalling is always the first choice if something can be uninstalled and you do not need it. If it cannot be uninstalled then the second choice would be to look in the program for an option to not load it at startup. The third choice is to use HJT to fix the startup.

Any other items you don't need to load? I still see FreshUI and FreshDownload

The below are also a waste of system resources:
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

 

Great! Looks like ATF Cleaner worked properly and cleaned that folder.

How are things working?

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

I already asked you questions in previous messages (like # 24) but you did not answer them. And did you uninstall all the junk you don't need? Did you have HJT fix the MusicMatch startups? Slow startup due to all the unnecessary software you are loading are not malware problems. Laptops are notorious for having all kinds of junk loading at startup and when you add more like you have, it just makes it worse. You need to research all the stuff you are loading and decide what you need and what you don't need. I cannot do all of that for you since I have no idea what you really need and use.

After you remove everything that is unnecessary and have fixed all items I already suggested, answer my question from msg # 24 and attach a new HJT log. In reality one of you larger impacts on startup may be all the Norton stuff including GoBack.