Another plea for help!

To help keep you moving along for D3, you still need to follow the directions in the link given in step 7 of the READ & RUN ME. You have HJT running as below:

C:\Documents and Settings\Owner\Local Settings\Temp\wzef1f\HijackThis.exe

This is exactly where we specify that it not be installed. Follow the directions to create the proper folder and put the hijackthis.exe in the folder specfied. If you have a problem doing this, you could download the below file and extract the VBS script file from it and run it (you may get a pop message from your antivirus program or from MS Antispyware - you will need to give the script permission to run). This script should create the proper folder and move hijackthis.exe to it.

http://downloads.subratam.org/Move_hijackthis.zip

 

No! For some reason it did not. You should juist check your log before uploading.
You are still running HJT from:
C:\Documents and Settings\Owner\Local Settings\Temp\wz75d1\HijackThis.exe

Delete the above follow and follow the step by step instructions that are given in:

Downloading, Installing, and Running HijackThis

 

Well first I would suggest you fix the below lines using HJT:
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200612816254_mcinfo.exe /insfin

This seems to be something possibly left over from running McAfee at some point. I'm not exactly sure which application from them adds this. Perhaps it came with their Antispyware component. Do you use the McAfee Antispyware application you have installed and do you like it?

You should delete the below file too:
C:\Documents and Settings\Owner\Local Settings\Temp\200612816254_mcinfo.exe

 

Are you saying there is no uninstall in Add/Remove programs for McAfee's Antispyware?

 

Okay! So if you do not like the McAfee Antispyware then uninstall it. You now have MS Antispyware installed and therefor do not need or want McAfee to also be installed. This can cause your PC to slow down.

I would also suggest having HJT fix the below line:
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

 

But did you get McAfee Antispyware uninstalled?

Are things working any better?

 

Run the below and attach the Ewido log:

Running Ewido Security Suite

Then also attach a new HJT log.

 

Okay! As D3 said, all Ewido really found was a bunch of cookies! You should uninstall Ewido now to free up system resources.

Do you have the Windows XP SP2 firewall disabled? If not, you must disable it since you have ZoneAlarm.

I would also suggest running the below to uninstall Window Messeneger which you do not need or want:
Disable/Remove Windows Messenger

Also I suggest having HJT fix the below entry (not malware but not typically very useful and wastes resources):
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe

You should consider whether you really need and use all the toolbars you have installed. Uninstall any that you do not use, here are some items I see:
Yahoo! Toolbar
Yahoo!\Companion
eBay Toolbar2
MSN Toolbar

It is your decision to decide which you ned and do not need.

 

Use Add/Remove programs to uninstall (if found)
AOL Toolbar

Since you are removing all the Yahoo stuff, doo you still want yahoo.com to be your start page?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

You can have HJT fix the below lines:
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing)
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Then delete the below folders:
C:\Program Files\Yahoo!
C:\Program Files\AOL Toolbar

Let us know if this helps at all. Other than that you may want to try a different browser like FireFox. You will see it mentioned in the link given below too.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

No you cannot delete IE. It is an integral part of the OS and you will need it on may websites especially Microsoft. Without it, you cannot get updates for your OS.

No there is nothing from the READ & RUN ME you should uninstall. They are all good to have.

There is only one more thing to check, and that is for a rootkit. After that, I would say your problems may be due to your connection speed or it is just normal for your PC.

Download Blacklight Beta

• Hit I accept. It will take you to download page.
• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please post contents of log.

Attach a new HJT log to so we can verify the other stuff from Yahoo was removed.

 

You're logs are still clean! Your problems are not due to malware. At least none that are recognized by normal scans.

When you say your computer is running slow, exactly what do you mean?
Do you mean surfing the internet? Or do you mean everything you run on it (even non-internet related)?
Is it slow if you unplug your cable to the internet?
Do you notice the same slowness in safe mode?

What do you use the below for:
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

 

I still do not think you should be posting in this forum but let's try one more thing:

Please see the below thread on how to install and run Spy Sweeper. After you run it, attach the log to your next post.

• Running Spy Sweeper...

When is the last time you did a disk defrag and also an Error check on your disk. ( not malware issues either)?

Please answer questions:

 

Instead of using this www.google.com in Firefox try this: 66.102.7.99

Does that work?

 

You did not update Spy Sweeper to the latest definitions before running it. You should do that, but I doubt it is going to find anything causing your problem.

Sorry about the IP address. I gave you the wrong one, but the fact that it brought up a page means FireFox works. Try this IP addres to get to Google: 64.233.161.104

PRISMXL.SYS file is showing in your services list. If you are sure you did not install it, first look to see if you can find it in Add/Remove programs. If so, uninstall it. Otherwise we will fix it manually.

Please don't post any HJT logs unless requested! We are not chaning anything yet that would cause it to be different.

 

By the way, here is come info on PrismXL

http://www.bleepingcomputer.com/startups/PRISMXL.SYS-10410.html

Do you recognize what the below are:
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab

 

You should answer all of the message at once.

What about:

 

Then you may have a problem in your router or with your ISP's DNS server. (Do you have a router).

Click Start, Run, and enter ipconfig /flushdns and click OK! Now see if you can use www.google.com.


Let's get rid of PrismXL!
Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to PrismXL ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

PrismXL

Now exit HJT and reboot when it tells you it needs to.

After reboot, attach a new HJT log so we can make sure this service is gone.

Also delete the below folder if found:
C:\Program Files\Common Files\New Boundary

 

This is not what I gave you "ipconfig/flushdns" There is a space between ipconfig and /flushdns

 

Okay PrismXL is gone. Is there any change in system performance?

 

That may be a good idea. But first you could try a few things to see if for some reason they are causing you problems.

1) uninstall ZoneAlarm - any change
2) uninstall AVPERSONAL - any change
3) uninstall Spy Sweeper - any change

Do not run for too long without an AV or firewall in place! I'm just suggesting the last bit that you can try to see if it is a software issue. If it is not these, then either it is your ISP or some other configuartion/hardware issue on your PC.