help needed, virus found, slow computer

Welcome to Major Geeks!

Probably for two reasons that I can see based on your other logs:

1) You did not empty your Norton Nprotect folder and possibly quarantines as requested
2) You did not run CCleaner on all user accounts and had a lot of cookies detected.

Compress the log into a ZIP file and attach it.

I'm looking at your logs now.

When you say things are slow, exactly what do you mean?

• bootup
• normal PC operations (running any other non-browsing program)
• online browsing
• downloading
• shutdown
• is it also slow in safe mode
• is it always slow

 

You GetRunKey log shows that you did not do what was requested in step 0 of the READ ME. You are using MSconfig to control startups and we requested that you not do that.

Did you purchase or do you plan to purchase Uniblue SpyEraser and Regitry Booster? If you answered no to those questions, then uninstall them. If already uninstalled, then just fix the O4 entires seen in your HJT log for them. That is these:

They are slowing down your PC esepcially startup time tremendously and the free tools will not fix anything for you.


Based on your CounterSpy log you need to be more careful where you surf and what you download. You have been downloading a bunch of adware bundlers
which are not helping your PC's performance. Avoid the online game sites!

You don't really have remaining malware issues that are causing you problems. Your problems seem more likely to be caused by what you have installed
and are running. I will give you a few things below that should help a little. Afterwards I will also give some other possible tips to improve
things which you need to decide how you want to continue on.


What is the below folder for? If you don't know, then what do you see in the folder?
C:\WINDOWS\system32\Dora Carnival dir

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the
uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

As requested in step 6 of the READ ME, uninstall the below old versions of Sun Java:
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.31/ttinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4790/mcfscan.cab

After clicking Fix, exit HJT.
Now use Windows Explorer to delete the below if found:
c:\windows\system32\cache32_dsktptr

Now run Ccleaner

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

The below information is optional and you need to decide what you wan to do.

The below software is also impacting your PC's performance. Reconsider using them.
Windows Live
Norton AntiVirus <--- there are free alternatives that are not so resource hungry.
Google Toolbar
GoogleToolbarNotifier

If you don't use and don't need the below software, uninstall them
BigFix
BroadJump Client Foundation
SafeGuard
Secure Game Player
TELUS eCare Plugin
TELUS eCare
TELUS Games Player

 

You could not attach the logs because you were trying to attach the same old logs! I requested new logs which means you need to rerun the programs to get new logs. Please attach new logs from all three programs as requested.

 

No you did not get new logs last time. Look at the contents of the ZIP file you posted. Inside the logs about 15 or so lines down you will see a date and time of the logs. You will see that what you have inside the ZIP is the same as what you originally posted in message # 2 of this thread. Thus you were not trying to attach new logs.

Now you have posted the new logs which like the previous ones also show no malware. They do show that you fixed the items I suggested you fix with HJT and that you took care of the Sun Java issues.


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
9. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You would be better off asking about the Window Installer folder in the Software Forum. I have never seen it contain that many files. Are you sure you are counting correctly? Right click on c:\windows\installer and select Properties. What do you get for the below parameters:

• Size
• Size on disk
• Contains

If you start deleting files in this folder you will not be able to uninstall programs related to whatever you delete.