Super Slow Computer, Focus 6 Startup in Add/Remove, search = no result

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by seekingelf, May 20, 2009.

  1. seekingelf

    seekingelf Private E-2

    Computer:

    Windows Vista Home Premium
    32-bit
    Toshiba Satellite Laptop
    Memory (RAM) 1014
    26.5 GB free of 110 GB

    Not sure how much I should say so will post what I hope will help someone help me.


    I've been reading the rules (praying I didn't miss any - apologies if I did) and I'm following the READ & RUN ME FIRST. Malware Removal Guide. But so far cannot find info here or via a Google search re:

    Focus 6 Startup 29.3 MB

    which I found in Add/Remove Programs

    Heading next for the Sun Java and msconfig info steps, but thought I should post about removing this Focus 6 Startup before moving on. Does anyone know what it is?

    The icon for it is the plain piece of white paper icon with the top right corner folded over.

    Why I am seeking help:

    During and especially after booting up, the machine is unbelievably slow. Cannot effectively use my computer in Normal Mode so have to keep returning to Safe Mode ("Safe Mode with Networking" is what I chose since I was not sure I could access the internet otherwise):

    Cannot access the following programs (in Normal Mode) via the Start menu or otherwise:

    A-squared Antitrojan (this did finally load up once - when I came back to my computer after an incredibly long period of time had passed I saw it had opened. It scanned & found nothing)

    Spybot
    (able to use in Safe Mode - after a very long wait it ran but found nothing)

    Control Panel

    Windows Security Systems were off and inaccessible (I did find a page while in Safe Mode at the Vista 64 forums that told me how to turn it back on)

    The regular Restart or Shutdown command (unfortunately when in Normal Mode I have to keep doing it manually)

    Pretty much anything in the Control Panel that might be helpful is slowed down to be impossible to access in Normal Mode - even when trying to access it as the administrator.

    Firefox or IE browsers

    I have been able to access Firefox in Safe Mode. Did not try IE.

    I have McAfee Antivirus Suite, which keeps turning off. I've used all of these programs successfully for almost 2 years until this happened.

    I was able to do this in Safe Mode. It said it would not work, which was true. But when I rebooted in Normal Mode it had been reset after all. BUT the problem is that it turned off again. Back and forth like this it goes. Is this because I keep going to Safe Mode?

    Either way I still cannot use the computer in Normal Mode. Everything is unbelievably sluggish no matter what. But eventually I can access, so far, what I've needed in Safe Mode in order to get to this point in the process.

    One thing I have noticed is that when surfing (quite often) a rogue automatic Adobe Acrobat file of some kind tries to open or access my computer. I have seen at least one of the security systems stop it each time I've noticed it happening (just not recalling which one).

    Hope this is the right amount of info to share about what's going on with my machine.

    Thanks for making assistance available.

    P.S. Could a trojan be logging me out of this forum? Have not cleared cookies or anything - will log in again, hope I can get this posted.
     
    Last edited: May 20, 2009
  2. seekingelf

    seekingelf Private E-2

    Super Slow Computer, Access problems

    Malware was found & removed but still need assistance after following all the Malware Removal Guide steps.

    I will attach the requested files.

    Currently what is happening:

    From 26.5 GB to 31.5 GB of memory since running the anti-malware programs

    but still having problems in Normal Mode.


    Accessing many programs from the Start Menu is still a problem including:

    Mozilla Firefox (cannot access it from the desktop either)
    [note: now IE is accessible however and I can get to websites with it]

    A-squared Anti-trojan/Anti-malware (but seems I can access it from the taskbar menu now)

    Control Panel (the Explorer Window remains white)

    Problem Reports & Solutions - after completing all steps of the cleaning this report came up on its own after rebooting. Lots of programs listed repeatedly on different dates for stopping. After the machine froze I had to manually reboot again and then could not pull this report up to get a screen shot. It just would not open. Also could not pull it up from a shortcut under the Maintenance folder. The ones I remember:

    ar.exe

    Mozilla Firefox

    Adobe Acrobat Reader 8.1 (I do have the Acrobat Reader but not sure if this particular issue relates to the rogue Adobe Acrobat program [mentioned in the post above] that tried to open many times while I was surfing these past months).

    A-squared Anti-malware


    Whenever I try to access anything that will not open it seems to cause the freezing, requiring a manual restart. I can hear the computer working at something when this occurs - and then if I try to use the mouse button the 'low on resources beep' happens (thus leading to the need to reboot manually again).

    Hewlett Packard Printer digital scanner icon: usually loads in the task bar menu but with these last reboots sometimes it shows up and sometimes it doesn't.

    Since using Combofix my desktop background did not return. I can activate it myself but not sure if that should be alarming. Also the directions for it said it would change my clock and also disconnect me from the internet during the process. Neither happened - may not be an issue - but since I'm not very schooled in high tech no idea if that would have been a problem?

    Noticed (before I hid the usually invisible files again after completing the guide steps) that in the files list under my user name (I have been able to access this particular folder from the Start Menu) several files starting with: NTUSER.DAT... are present - is this normal?

    I ran a few of the malware programs more than once because:

    Forgot to disable the UAC after the first time I ran SAS and Malwarebytes - so did those again. Also with Combofix & MGtools I thought I did them incorrectly the first time.

    Please see the attached files, I will include them all ~ and if anyone is able to help with this thanks ~
     

    Attached Files:

  3. seekingelf

    seekingelf Private E-2

    Logs Attached

     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. seekingelf

    seekingelf Private E-2

    Hi Tim & thanks for what you're doing to help with this issue. I really appreciate it.

    Problems with accessing the suggested programs. What happened:

    Root Kit Revealer

    After unzipping it messages popped up:


    Interactive Services

    A message can't be displayed
    The Program may need more information to complete a task.
    Show me the message
    Remind me in a few minutes


    When I choose to "show the message" the screen goes black. Then grey, and a pop-up message from Toshiba appears that I've never seen in the nearly 2 years I've had the machine. It says:


    That I need to choose manual or automatic download checks for updates for a Toshiba update service.
    The first time I chose the only other option in another pop-up above that one that said: return to desktop, because I had no idea what it was or why I had never seen it before.


    Tried again and same thing happened - that time I chose Toshiba manual update checks - but next message said the service 'was not needed or it was outdated.' So I again returned to the 'return to desktop' option.

    Third time the exact same thing happened yet again - only now there was a pop-up box to accept the Root Kit Revealer agreement. I accepted it and then it loaded. But it would not run - said there was a security and program incompatibility. Also said it was dumping something I did not understand. I think the same 'files' that were showing the incompatibilities?

    OMG - okay so I went to the 'return to desktop' option and decided to run the Bit Defender anyway just in case it might still help:

    Followed the instructions but it would not run after it said I did not have admin privileges.

    But I am the 'admin' and the only one as this is my personal home computer, UAC is turned on. I checked to see if I could see any other users or anyone on the guest account I keep for family and friends (I think my 70 + year old mother is the only person that has used it besides me - and very, very rarely). Could see no one else.

    I made sure I had turned off the real time anti-malware program running, firewall, rebooted......

    Spybot and Firefox still will not run and jam up the machine to freezing - and to hearing the 'low resources beep' when I try to use the mouse or keys when I try to open either of these 2 programs. This happens no matter where I try to load them from. The same thing is happening in Safe Mode.

    Even though IE continues to work fine and I can surf as needed right now in Normal Mode.

    [ I also remember: I downloaded Root Kit Revealer to the desktop - but after unzipping it could not open it from there. Had to go through C drive from My Computer on the Desktop. Then I could unzip it. ]

    Also: should Combofix have disappeared from my Desktop? I kept all the programs from the Malware Guide here but that one has disappeared - cannot find it anywhere.
     
  6. seekingelf

    seekingelf Private E-2

    Files attached and:

    It turned out that Root Kit Revealer could not be used by my Vista OS. Not even directly running it from the Microsoft site. Apparently the version available currently is not compatible with my OS.

    I tried Bit Defender via my computer guest account. I could finally get to the download step from there - but then it would not update completely before scanning. It gave me a choice to continue without the update but I thought that without the latest warnings included it might be better to wait or try something else that is current.

    I went to the Alternative Scans page here at MajorGeeks and found 3 anti-Root Kit programs for Vista:

    GMER: Tried 4 times (twice in Safe Mode, twice in Normal Mode) but it crashed the machine as the information warned it might.

    Trend Micro RootkitBuster: That did not offer an update, file attached.

    RootKit Hook Analyzer's Sanity Check: Said update was not needed. Not positive but the files it found might relate to my WinAmp Media Player and then my Toshiba laptop. File attached.

    Do you know of another anti-rootkit program for Vista that you want me to run? I did not want to try any on my own not recommended by you or this website.

    Mentions that might possibly be significant:

    Still cannot in the admin account, but in the guest account I was able to open both Spybot and the Firefox browser. Though last time I opened Firefox it took longer - maybe due to the spontaneous Toshiba update that started?:

    When I logged into the guest account an icon loaded in the task bar and an update began that I did not recognize. When I clicked on it it said it was Toshiba software update. Like the Toshiba pop-ups mentioned in the above post re: my admin account - that had also never happened before in either account. I right clicked on it and the file says it is:

    IVPSvMgr.exe

    Searching online I find the basic theme on many websites of: "This program is a non-essential process, but should not be terminated unless suspected to be causing problems...."

    But I cannot find its exact location on my computer. I'm not even sure I successfully stopped the updating after trying, since it still said "updating" when I right clicked on it to check a few times before rebooting and logging back in to my admin account. Read somewhere else that even their legitimate updater, if the one I have is not, is notoriously difficult to close down. It said on other systems there is no obvious way to do so. And, of course, somewhere I read that a file with this same name could be malware pretending to be from Toshiba. I'm uncomfortable with it - along with everything else going on - because it has never presented before.

    ~~~~
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's remove this item.......use windows explorer to find and delete:
    C:\Windows\PEV.exe

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * C:\MGlogs.zip
     
  8. seekingelf

    seekingelf Private E-2

    It did not show up when I tried to find it the Explorer window way. I did look - just to look - via the Start menu search to see if it would be listed that way and it was. I looked again after trying the Explorer search again but it still appeared not to be there. Checked the first way again also and yep, shows up there and now twice. Then only once. Is it trying to hide or duplicating?

    Usually when I search via the Start Menu there is an option to "see all results" and "search the internet." -- but with this one there is "search everywhere" and "search the internet."

    How else can I remove it safely? Of course I'll look around at this site and online but I'm nervous about doing anything for this step without guidance.

    Thanks again for helping~
     
  9. seekingelf

    seekingelf Private E-2

    Realized if I'm asking if it morphed or duplicated I should attach the log anyway. Done. I remember during the process it said something about a Windows error in the smaller pop-up window that showed the progress bar - and in its main window it said that it was deleting a GRKf log - I have no idea if that is normal.

    After I ran MGtools this time hidden files were showing after rebooting (on the desktop anyway). Rebooted so I could reset UAC and security. The first time I did anything here last week I had to manually make hidden files show up in one of the steps. Was not sure if that was anything to be concerned about but hid them again.
     

    Attached Files:

  10. seekingelf

    seekingelf Private E-2

    The following post after this one will have the MGtools zip file.

    Attached: Screen Captures of Program Security Tabs - Advanced.

    Re: PEV.exe and


    I figured out how to access PEV.exe - was my misunderstanding.

    Was finally able to delete it after I found an unknown user account that had full control. I added permissions for myself and then deleted the unknown one. But saved the screen capture in case there is some reason I should add it back again - in case that deletion turned out to be the wrong choice. I am:

    SKYELF-PC

    as far as I know - so wanted to ask about the other program files I attached - should all the users showing be there? The unknown user in the PEV.exe file I have not, so far, seen them listed on any other file security tabs.
     

    Attached Files:

  11. seekingelf

    seekingelf Private E-2

    MGtools log zip file attached - PEV.exe file deleted

    Spybot File Security Tab-Advanced is also attached: Forgot to mention in my last post that I had decided to uninstall and reinstall Spybot. Then learned there were still many files on the machine that were not included in the uninstall. Their website said that they would have to be deleted manually. I was about to do that when I found the security tabs account user list.

    I also attached thumbnails of users listed on a few program files in my post just before this one - re: accounts that I'm not sure should be there on those as well.

    And this might be the lamest question in the computer universe but I need to ask: :-o

    Does it matter if in the security tabs/advanced if my user name is in lower case letters or in capital letters? I guess what I'm really asking is whether or not a change in the letters case/form - but same spelling - can allow a malicious change of user access? It might just be because I've never in my life looked at or worked with files this much before that I'm thinking I remember it (my user name) being in all caps.
     

    Attached Files:
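The two posts above turn on what the Security tab showed for PEV.exe: an entry for an account Windows could not name, holding full control. The following is an added example (not from the thread, and not a MajorGeeks or ComboFix tool) that automates that check with the built-in icacls command: it parses the command's output, flags any principal that is shown as a raw SID (S-1-5-21-..., which is how Windows displays an account it cannot resolve, typically a deleted account or one from another machine), and flags any principal holding full control that is not on a short allow-list. The icacls output embedded in the block is constructed with illustrative names and a made-up SID. On the letter-case question: Windows account names are case-insensitive, and an ACL stores SIDs rather than names, so the case shown in the Security tab is cosmetic; the comparison below is therefore case-insensitive too.

```python
"""Spot orphaned or unexpected full-control entries in a file's ACL.

Added example, not from the thread. It runs `icacls <path>` (built into
Windows Vista and later), parses the output and flags two things the
poster noticed on PEV.exe: a principal that Windows cannot resolve to a
name (shown as a raw SID such as S-1-5-21-...), and a principal with
full control (F) that is not on a short allow-list.
"""
import re
import subprocess
import sys

# One ACE line: principal, colon, one or more parenthesised
# permission/inheritance flags, e.g. (I)(OI)(CI)(F).
_ACE = re.compile(r"^(?P<principal>.+?):(?P<perms>(?:\([^()]*\))+)\s*$")
# An account Windows could not resolve is printed as its SID.
_RAW_SID = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_icacls(output, path):
    """Return [(principal, perms)] from icacls output for `path`.

    The first line carries the path before the first ACE; the summary
    line ('Successfully processed ...') and blank lines are skipped.
    """
    aces = []
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("Successfully processed"):
            continue
        if line.startswith(path):
            line = line[len(path):]
        m = _ACE.match(line.strip())
        if m:
            aces.append((m.group("principal"), m.group("perms")))
    return aces


def orphaned_sids(aces):
    """Principals that could not be resolved to an account name."""
    return [p for p, _ in aces if _RAW_SID.match(p)]


def unexpected_full_control(aces, allowed):
    """Principals holding (F) that are not in `allowed` (case-insensitive,
    because Windows account names are case-insensitive)."""
    allowed_lc = {a.lower() for a in allowed}
    return [p for p, perms in aces if "(F)" in perms and p.lower() not in allowed_lc]


def audit(path, allowed):
    """Run icacls on Windows and return (orphans, unexpected_full_control)."""
    if sys.platform != "win32":
        raise RuntimeError("icacls is only available on Windows")
    out = subprocess.run(["icacls", path], capture_output=True, text=True, check=True).stdout
    aces = parse_icacls(out, path)
    return orphaned_sids(aces), unexpected_full_control(aces, allowed)


# Constructed icacls output (illustrative names; the SID is made up).
SAMPLE_PATH = r"C:\Windows\PEV.exe"
SAMPLE_OUTPUT = (
    SAMPLE_PATH + " NT AUTHORITY\\SYSTEM:(F)\n"
    "                   BUILTIN\\Administrators:(F)\n"
    "                   SKYELF-PC\\skyelf:(RX)\n"
    "                   S-1-5-21-1111111111-2222222222-3333333333-1003:(F)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)
# Principals that are normally expected to hold full control on a system file.
EXPECTED_FULL_CONTROL = ["NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators"]

if __name__ == "__main__":
    aces = parse_icacls(SAMPLE_OUTPUT, SAMPLE_PATH)
    print("orphaned SIDs:", orphaned_sids(aces))
    print("unexpected (F):", unexpected_full_control(aces, EXPECTED_FULL_CONTROL))
    # On a real Windows box: audit(r"C:\Windows\PEV.exe", EXPECTED_FULL_CONTROL)
```

Run it from an administrator command prompt on the machine; on the constructed sample it reports the made-up SID under both headings, which is the same picture the Security tab gave for PEV.exe. An orphaned SID with (F) on a file that keeps coming back is worth a closer look, but by itself it only says the owner account no longer resolves on this machine.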

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    FHIUSYOU
    JSRSOISJE
    KGTD
    MYPITUC
    NCPUOYHH
    OE
    SKI
    TULBJEK
    XHIHCYDHLHPBK
    ZBSQGHZQN
    ZXNKWA
    
    File::
    C:\Users\skyelf\AppData\Local\Temp1.html
    C:\Users\skyelf\AppData\Local\Temp22.html
    C:\Windows\System32\GZAAC
    C:\Windows\System32\XZAF
    C:\Users\skyelf\AppData\Local\Temp\FHIUSYOU.exe
    C:\Users\skyelf\AppData\Local\Temp\JSRSOISJE.exe
    C:\Users\skyelf\AppData\Local\Temp\KGTD.exe
    C:\Users\skyelf\AppData\Local\Temp\MYPITUC.exe
    C:\Users\skyelf\AppData\Local\Temp\NCPUOYHH.exe
    C:\Users\skyelf\AppData\Local\Temp\OE.exe
    C:\Users\skyelf\AppData\Local\Temp\SKI.exe
    C:\Users\skyelf\AppData\Local\Temp\TULBJEK.exe
    C:\Users\skyelf\AppData\Local\Temp\XHIHCYDHLHPBK.exe
    C:\Users\skyelf\AppData\Local\Temp\ZBSQGHZQN.exe
    C:\Users\skyelf\AppData\Local\Temp\ZXNKWA.exe
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    You need to run CCleaner and make sure these folders are empty (except for files from today):
    C:\Windows\Temp\
    C:\Users\skyelf\AppData\Local\temp\

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: May 26, 2009
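The CFScript above uses ComboFix's section syntax: a section name followed by two colons (KILLALL::, Driver::, File::), then one entry per line. The block below is an added example, not part of the thread and not ComboFix's own code: a small Python checker that parses that syntax and reports which File:: paths are still on disk and, on Windows, which Driver:: names still have a service key under HKLM\SYSTEM\CurrentControlSet\Services. It assumes that each Driver:: entry corresponds to a service registry key of the same name; the script embedded in it is constructed with illustrative names, not the real list from Tim's post. Pointing it at the real CFscript.txt after ComboFix has run gives a quick confirmation that the listed artifacts are gone.

```python
"""Parse a ComboFix CFScript and report which listed artifacts are present.

Added example, not from the thread and not ComboFix's own code. It reads
the section syntax used in CFScript files (KILLALL::, Driver::, File::),
checks each File:: path on disk and, on Windows only, checks each
Driver:: name against HKLM\\SYSTEM\\CurrentControlSet\\Services (an
assumption about what the Driver:: section maps to). Elsewhere the
registry check is skipped so the parser still runs.
"""
import os
import re
import sys

# A section header is a word followed by "::" on a line of its own.
_HEADER = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return {section_name: [entries]} for a CFScript body.

    Blank lines are ignored and anything before the first header is
    dropped. Entries keep their original spelling; Windows paths are
    case-insensitive, so no normalisation is applied here.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def check_files(paths, exists=os.path.exists):
    """Map each File:: entry to True if it still exists on disk."""
    return {p: bool(exists(p)) for p in paths}


def check_drivers(names):
    """Map each Driver:: entry to True if a service key of that name exists.

    Returns None for every name when not running on Windows.
    """
    if sys.platform != "win32":
        return {n: None for n in names}
    import winreg  # Windows-only module
    result = {}
    for n in names:
        key_path = r"SYSTEM\CurrentControlSet\Services\{}".format(n)
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path):
                result[n] = True
        except OSError:
            result[n] = False
    return result


def report(script_text, exists=os.path.exists):
    """Parse the script and return (files_still_present, drivers_still_registered)."""
    sections = parse_cfscript(script_text)
    files = check_files(sections.get("File", []), exists)
    drivers = check_drivers(sections.get("Driver", []))
    present_files = sorted(p for p, ok in files.items() if ok)
    present_drivers = sorted(n for n, ok in drivers.items() if ok)
    return present_files, present_drivers


# Constructed sample in the same shape as the script in the thread
# (names and paths are illustrative, not the original list).
SAMPLE_SCRIPT = """KILLALL::

Driver::
ABCDEF
GHIJK

File::
C:\\Users\\example\\AppData\\Local\\Temp\\ABCDEF.exe
C:\\Windows\\System32\\GHIJK
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_SCRIPT
    files, drivers = report(text)
    print("File:: entries still on disk:", files or "none")
    print("Driver:: entries still registered:", drivers or "none (or not checked)")
```

Usage: `python cfcheck.py CFscript.txt` from an administrator prompt after ComboFix has finished and the machine has rebooted; with no argument it runs against the constructed sample. KILLALL:: carries no entries, so it parses to an empty list.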
  13. seekingelf

    seekingelf Private E-2

    Hi Tim-

    Here are the files, thanks. :)

    The update:

    I had planned to reinstall Spybot but decided against it for now. Because before I manually removed what was left - after the uninstall and reinstall - it froze up the machine again. I believe that now I've removed all of its files. Searched and can find none.

    I uninstalled and then manually deleted the remaining Firefox files, after creating a few new profiles. Worked with the 2 new ones but not the old one, as before. But then I accidentally deleted all profiles ---- well, I reinstalled it anyway and I'm not going to cry over spilled milk - esp. since it's working well now.

    When I was learning about backing up the bookmarks I saw in AppData\Roaming a file called:

    wklnhst.dat

    If I should delete this please let me know. Saw one alarm bell online about it but not by an expert. No real details.
     

    Attached Files:

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean....no need to delete that file, but you do need to use windows explorer to find and delete:
    C:\WINDOWS\XZAFC

    In the meantime: If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
    Last edited: May 29, 2009
  15. seekingelf

    seekingelf Private E-2

    Thank you!! :hyper :dancer:

    The computer is running beautifully. I'll definitely be surfing more often via a restricted account. Sounds like a wise idea. Much gratitude for your assistance.

    Kindest Regards~~

    S.
     
  16. seekingelf

    seekingelf Private E-2

    Forgot to add that I'm pretty sure my question about Focus 6 Startup was also answered during this process. Also in case this might help someone else someday:

    I believe now that it was part of a software program, actually called FreeFocus6. Not sure why the difference in name form. But the FreeFocus6 was a free software I downloaded ages ago that was similar to a favorite of mine called Cybershaman by a guy called Ernie Vega.
    His site was stripped to bare minimum for a long time (due to drama around accusations by competitors and other craziness). But anyway, during that time I had somehow lost my backups - and later found the FreeFocus6 via a community of users of these and similar programs. Thinking I would be using it as a next best choice.

    The Focus 6 one never worked right on Vista and eventually I forgot about it :( . The files that I had been concerned about and that remained after I uninstalled it were called only: Focus6 or Focus_6. Leading to the title not immediately triggering my memory.

    So hopefully that clears up a mystery that maybe no one else will ever wonder about. But just in case someone is ever surfing for more on a mystery file called Focus 6 and wondering what the heck it is - I wanted to remember to add this to the thread. Because there are times I've been very thankful I was able to find the most obscure info about something I've been wanting to learn more about myself.
     
    Last edited: May 30, 2009
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.....and you are most welcome. :)
     
