Removal guide done, still having issues

Welcome to Major Geeks!

You do not appear to be having malware problems! If your main complaint is that your PC is slow, you need to take a look at what you are running because that is where your problems are.

I will give you a few things to do in my next message, but first get started by uninstalling CounterSpy since we are finished with it now. Then delete the below two folders which may be left behind.

C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

I see you have Spybot's Teatimer running which we requested that you not use in the READ ME. Did you always have this running or did you recently enable it?

 

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to STOPzilla Local Service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteSTOPzilla Local Service into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
After clicking Fix, exit HJT.

Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Things to reconsider whether you need that can also be slowing you down:

• Windows Live and all the junk that comes with it
• HP Tool Kit
• HP Share-to-Web
• LogitechSoftwareUpdate

One item the could be the largest contributor to your PC running slow, is Norton 360.

 

See message # 5 and also this one!

I almost forgot the below. You missed doing these in step 0 and step 6 of the READ ME.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Mozilla Firefox (1.5.0.11)
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

 

I still see it in your ShowNew log! I also see Windows Live! What order did you run the steps in? The log from ShowNew still shows everything. Also you HJT log shows you did not fix some of the items I said you should fix. Did you choose not to fix them? Check again! Also fix also of the below lines in your HJT log:
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"


Note: While uninstalling Norton will improve things dramatically, you do need to install an antivirus and firewall to replace it. The ones below will be much less resource hungry but they will still affect performance. I suggest you install the below to get your system protected if still have Norton uninstalled.

AVG Free Edition

Comodo Personal Firewall


Attach a new HJT log after checking for everything I gave you last time and after fixing the above.
Also attach a new log from ShowNew that shows your current status after doing ALL of the above!

Some Symantec stuff still shows in you HJT log! Do you still have anything from Symantec or Norton installed! Check Add/Remov programs? Make sure you uninstall all of it. Look for Live Update too since you had two of them installed!

LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)

 

That is one reason why the READ ME specifies not to use Teatimer.


I see the below in you HJT log. Did you miss fixing it, or did it come back again? Fix it again!
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


Also service from Symantec is still trying to load! Removing Symantec/Norton is as troublesome as removing malware.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Lic NetConnect service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteCLTNetCnService into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot when it tells you it needs to.

I still see Norton 360 in your uninstall list. It may not show in Add/Remove programs but it is there. Please run the below procedure and attach the requested log.

Getting Uninstall Programs List From The Registry

Now also delete the below folders.
C:\Documents and Settings\All Users\Symantec Temporary Files
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Program Files\Norton 360
C:\Program Files\Windows Live Toolbar

 

Okay! Do the below and then we are all done!


Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
9. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!