operating at molasses speed

You still are not attaching anything. Look at the directions in the link for HijackThis given in step # 7 of the READ & RUN ME. It gives a pretty detailed set of steps on how to attach a HJT log. The same can be done for all attachments.

 

Okay! I just saw your last message. Does this happen for all logs or only certain ones?

How large are each of the files?

 

FIrst try clearing your IE cache and if that does not help post them inline and I will attach them for you.

 

Okay a couple of problems. You did not follow the steps for HJT properly.

Your log is from safe mode and must be from normal boot mode.
You did not disable msconfig from controling startups. You must select Normal Startup.

But first I would like one more tool to be run so we can look for more potential hidden problems especially some for WareOut.

Download WinPFind

• Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program.
• Once it is launched, click on the Configure Scan Options button. And to the right side in the white box below the Run Addons checkbox, select the Qoologic.def and WareOut.def check boxes. Then click Apply.
• Now click Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.
• When it is done, it will show the results of the scan. Right Click in the window and choose Select All. Then Right Click again and select Copy which will copy to the contents of the log to your clipboard. Then open a notepad window and paste in the log by pressing CTRL-V. Save it to a file and upload the text file here as an attachment.

Afterwards post a new HJT log after disabling msconfig and from normal boot mode.

 

No problem! Just sure msconfig is set to Normal Startup and you have rebooted to normal boot mode. Also attach the WinPfind log. Then one of us will be able to get you all fixed up.

 

No it looks like the WinPfind process was aborted due to some kind of error. Not sure if the malware cause it or not.

Do you use a Palm Piolet? The reason I ask is the below process being loaded:
O4 - HKLM\..\Run: [P-Install] D:\Install\installerp1.exe e

What is it for?

Use Windows Explore to locate and delete this file: C:\WINDOWS\SYSTEM32\SetupCarnival.exe

Let's fix the WareOut problem.

Look in Add/Remove programs for UnSpyPC and uninstall if found.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

• Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
• Click Next, then Install.
• Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
• The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.
• When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA509D4-D60B-49D5-9C08-A7A41E9F1214}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3833268-D6FD-44BD-A4AC-6225D4802A55}: NameServer = 85.255.113.124,85.255.112.15


After clicking Fix Checked, close HijackThis, and click OK to proceed.

Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

Also attach a new HijackThis log.

 

Probably because of this line: C:\WINDOWS\System32\cmd.exe
Why did you have a command prompt window open? Or was it opened and you did not know it (due to malware)?

Do you have a paid version of SpySweeeper installed that you keep upto date? If so what version is it? And what is the reference file version?

If you do buy it and keep it up to date, you should uninstall MS Antispyware. Keeping both running all the time hogs resource and will slow your PC down.
If you don't but SpySweeper, you should uninstall it and keep MS Antispyware.

Your log show no malware but you do have a lot of stuff running and should consider not loading some them.

Yes have HJT fix the below line since you do not use it anymore:
O4 - HKLM\..\Run: [P-Install] D:\Install\installerp1.exe e

 

Your log is clean. Before worrying about not loading (this means removing them from the list of items that run everytime you startup - it does not mean uninstall), tell me how things are working now.

You can also just do a search on Google or Excite and just do a little reading.
Like do a search of one of your processes listed in the O4 lines of the HJT log, like this one:

hpztsb07.exe

One of the links is: http://www.liutilities.com/products/wintaskspro/processlibrary/hpztsb07/

You would read and decide if you need the feature. If not, you can have HJT fix the line or you could use a startup manager program like Startup CPL to control startups.

 

You're welcome. Make sure you check out the below info too:

How to Protect yourself from malware!

As far as supporting us:
- send your friends here
- try to get all your file download from our main page file systems at www. majorgeeks.com
- you can buy some MG's geek wear. See the link in the right most column on the home page.