Hello- I need some malware help again

How could that be? These are your first two posts.

You need to post in the proper forum which is the malware forum.

I will be moving this thread to that forum in a moment.

 

Did you notice in the READ & RUN ME where it said that slow PCs are not always due to malware? Well you fit that description. Your problems are more than likely due to what you are running. Two items in particuar could be causing you the biggest problems. And that is the junk from ComCast and also Symantec.

Let's remove a few minor items and also so unnecessary startups and then see where things stand.

First start by uninstalling the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below folders which may be left behind by the uninstall:
C:\Documents and Settings\Jim\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Then uninstall Viewpoint Media Player which should have been uninstalled in step 0 of the READ ME

Now run this Disable/Remove Windows Messenger to remove Windows Messenger.


Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now locate the below folder and delete it if found:
c:\windows\iLookup

Now delete the below files if found:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Documents and Settings\Jim\Favorites\shopping\Best Buy.url

Now reboot in normal mode

Now run Ccleaner

Now attach the below new logs and tell me how the above steps went.

1. ShowNew
2. HJT

Make sure you tell me how things are working now!

 

Not a malware problem.

You can use HJT to fix the below lines which will help a little more.

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147933943\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"


Other than that, you will have to bite the bullet and uninstall Norton/Symantec to see if it is your problem.

 

You're welcome.

You should do them. You don't appear to use AOL so you don't need that process trying to load and you don't need automatic updates of Sun Java always running. You can get them yourself when necessary.

The C:\Program Files\Support.com\bin\tgcmd.exe process may have been one of your biggest problems. It is a know resource hog.


If you are not having any other malware problems, it is time to do our final steps:

1. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
2. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
3. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
4. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!