There's my sign! But I need help

[azsteve]

My Fellow Geeks, I need your help. I've been trying to rectify this computer problem but I've been unsuccessful thus far.

I've been to the following and have what was instructed but I still came up empty handed. http://forums.majorgeeks.com/showthread.php?t=35407

The results from my online virus scan at:
Bitdefender was - 7
RAV - 0

Some of the files from bitdefender unremovable.

So what do I need help with you ask? When I try to access my registry by going to start - run - regedit, the window pops up and disappears so I have to manually go in by going to start - windows, etc. A couple days ago I also noticed that ctrl+alt+delete wasn't working either. But that is no longer an issue because it's works now.

Also while browsing my connection freezes up on me and is running slower than usual. When I click on my network connection icon in my system tray and click the support tab, then click repair, it gives me the following error message "The following steps of the repair operation failed: renewing the IP address. Please contact your network administrator or ISP."

So I'm a mess and I'd be grateful for any help.

Steve

[chaslang]

Please follow the steps below exactly:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

[azsteve]

Here's my HJT log. Thanks for your help.

Steve

[chaslang]

You HJT log does not indicate that RAVantivirus was run. Are you sure it ran?

Post the BitDefender log so I can see what was found and not removed.

You HJT log shows no real major problems. Just the below minor items can be fixed.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0947a601...p/RdxIE601.cab

After clicking Fix, exit HJT.

Can you explain in more detail the exact problems you are having? When do they occur? Is it all the time or only sometimes? Do they also occur if you boot in safe mode?

[azsteve]

Chaslang,

Here are my other logs. The first time through I did run the RAV, it took over an hour to scan my machine. Yesterday I spent a good part of the day going back over http://forums.majorgeeks.com/showthread.php?t=35407. I have posted all logs in this message.

As for my problems:

My computer is running a lot slower than normal. Some pages are taking 30 seconds or more to load, pages that shouldn't take this long. I had to reboot several times yesterday as I was going through the list of cleaning software. Even in safe mode my computer was acting up. Had to restart after Avert Stinger and the second set of virus scans. Restart again after Bitdefender. Restart again before CCleaner. My internet connection was lost, that's why I had to restart.

I also can't access regedit by going to: start-run-regedit.

I noticed all these problems around the same time. My Norton trial was expired and I thought 50 for their softwar was kinda high so I looked around for a cheaper version. Deleted Norton and installed PC Cillin. I also added a new Epson printer and software around the same day.

The computer is slow pretty much all the time. I really haven't noticed if there is certain times of the day that are worse. Right now it's slow. Last night it was slow. I thought I ran a pretty tight ship but something has gotten a hold of my system.

Spybot had two problems with wildtangent but they were fixed.
HSR-removed 8 items
CWS-nothing found

Thanks for all your help,
Steve

[chaslang]

First a note: you have no reason to be running HSremove (or about:buster if you have been). You do not have any HSA hijacker issues. HSremove has a bug and always reports 8 items found.

RAV should leave a foot print in your HJT log and I did not see one.

Are you sure your regedit.exe file exists? Use Windows Explorer to look for c:\windows\regedit.exe

There are not problems in your log but you can fix the below (left over from running HSremove):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

Open a command prompt by clicking Start, Run and enter cmd and click OK. Then enter the below command and tell me what happens.

sfc /scannow

This will scan your PC for missing/corrupted system files and attempt to replace them. You may need your Windows XP CD.

[azsteve]

Quote:

Originally Posted by chaslang

Open a command prompt by clicking Start, Run and enter cmd and click OK. Then enter the below command and tell me what happens.

sfc /scannow

This will scan your PC for missing/corrupted system files and attempt to replace them. You may need your Windows XP CD.

I can click Start, Run and enter cmd but that is all I can do. A black window pops up and disappears, so I am unable to type sfc/scannow

[chaslang]

Try it this way:

Start, Run and enter sfc /scannow and click OK.

Now what happens!

[azsteve]

Okay, opened up a window saying it was checking all windows files. It ran and closed without doing anything else.

[chaslang]

That's what it may do if it find no problems or if it finds then and can immediately fix them without needing a CD. Is there any change to your problems?

You did not answer my question from message # 6 about regedit.exe.

[azsteve]

c:\windows\regedit.exe <----does exsist, sorry I didn't answer that question.

IE is still running slow.

[chaslang]

Quote:

Originally Posted by azsteve

c:\windows\regedit.exe <----does exsist, sorry I didn't answer that question.

IE is still running slow.

Well that's why you cannot run regedit from the Star, Run box. You need to replace this. Either search your harddisk for another copy or get it from your CD. Itmay be named regedit.ex_ because it is a compressed file. When you find a copy we can put it back in c:\windows. If it is the compressed form, we will have to expand it to regedit.exe.


Let's see if we can find and cleanup any other hidden baddies.

Let's see if we can cleanup some more hidden baddies.

- First run CCleaner before doing the below.

- Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report. And tell me if you are still having any problems. This log could get quite large and you may need to compress it into a ZIP file to upload it.

Post this Ewido log.

[azsteve]

Since I'm a little confused by your last email, I've attached a screenshot of my search results - Start, Search, regedit

[azsteve]

I didn't even see the bottom half of that last post...so diregard my last post. I'm going to do as instructed.

Thanks,
Steve

[chaslang]

You did not follow step 3 of the READ ME FIRST. Please go back and follow it exactly.

You do have regedit.exe exactly where it is supposed to be.

[chaslang]

Try this registry patch to fix your regedit problem.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file enableRE.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the enableRE.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Quote:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**.del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[azsteve]

I see where I went wrong in step 3 of the READ ME FIRST. I also added the contents of the last post to my registry. Where do I go from here? Should I go back to READ ME FIRST and redo it ALL over again? I feel like such an idiot. I could have saved you a lot of time had I unchecked the second of the two boxes. Please accept my apology.

Steve

[chaslang]

Does regedit work now?

Did you run the Ewido scan? Post the log!

[azsteve]

Regedit still doesn't work. Opens and then closes. I can access it by going to c:\windows\regedit

I installed and ran ewido. The log is posted.

[chaslang]

Do you have Administrator priviledges?

At this point I would say your problem is not related to malware and you may have to work this in the Sotware Forum.

But try it this way:

Start, Run and enter msconfig and click OK.

Does msconfig come up and stay up!

How about this one:

Start, Run and enter services.msc and click OK.

Does the Services windows open and stay open.