Computer has slowed to a crawl

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jas456, Jan 10, 2008.

  1. Jas456

    Jas456 Private E-2

    I have done the "read first checks".
    Done ComboFix, Spybot (found 30 spyware), AVG (found worm Bobic.cx, Adware.BlazeFind, Adware.P2pnet) but it did not create a log, even with "generate report" checked. Then ran MGtools. The computer seems better but still not right. Can you help?
    Thanks, Jas456
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi Jas456!
    Welcome to Major Geeks!

    You have some files in C:\ that are odd. Please change the names by first locating them in Windows Explorer. Right click on the file (they are files, not folders, but they don't have any extensions on them). Select rename. Change them as per the example with the first one by adding .zzz (for the second one it would be called s230.1.zzz):

    File s22s in C:\ will become --------> s22s.zzz
    and so on with the following
    C:\s230.1
    C:\s2dk
    C:\s2ng
    C:\s36c

    abri
     
  3. Jas456

    Jas456 Private E-2

    Thank you Abri
    I have renamed the files in C:\ as you asked. Everything still works but the computer is still slow. It's slow to shut down, slow to boot up and it takes forever to open programs.
    Thanks, Jas456
     
  4. abri

    abri MajorGeek

    Jas456,

    I think you're getting the eTrust Internet Security Suite from Yahoo and running McAfee Security Suite at the same time. You also have a remnant of Avira/Avast. Please uninstall either Cav/eTrust or McAfee. Make sure the other remains active.

    If you decide to uninstall McAfee, please use the McAfee Consumer Product Removal Tool (SymNRT)

    I'm not sure if there are special removal tools for Yahoo's eTrust Cav software. It may be enough to uninstall it via add/remove programs and Yahoo may have provided uninstall information.

    To remove the remains of Avast, try first renaming C:\WINDOWS\AVShlExt.dll to AVShlExt.dll.old
    After you've removed the other antivirus program you don't want and see how your computer is working after rebooting, then come back to this file and see if you can delete it. When removing things from your computer, it's good to leave some time between steps so you can better see if a new problem comes up. When you try to delete the AVShlExt.dll file, you may get the message that it is being used. If that happens, use Unlocker so you can delete it.

    Let me know how this all goes.
    abri
     
    Last edited: Jan 12, 2008
  5. Jas456

    Jas456 Private E-2

    I have removed McAfee with the removal tool (but it still shows up in "services" as McAfee.com virus scan online realtime engine). I changed it from automatic to disabled. I have also renamed the C:\avshlext.dll file. After restart and playing around, the computer is still slow. I deleted the avshlext file to the recycle bin. My goal is to add an external HD and upgrade my XP SP1 to SP2.
    But I want to get the computer back to speed and to make sure I don't infect the new hd.
    Again thanks for your help, Jas456
     
  6. abri

    abri MajorGeek

    Hi jas456,

    I need to ask you how long you've been noticing the symptoms. The files I had you rename in C would look suspect to me but they are from October. Were you having problems with your computer that far back or did the viruses only show up recently? That's something I need to know.

    1) Go to add/remove programs and uninstall the below:

    - Java(TM) SE Runtime Environment 6 Update 1

    2) Reboot after uninstalling the above.

    3) Install the current version of Sun Java from: Sun Java Runtime Environment

    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    5) Please run C:\MGtools\GetLogs.bat and attach a fresh MGlogs.zip.

    Tell me if your computer is still sluggish.
    abri
     
  7. Jas456

    Jas456 Private E-2

    Hi abri,
    It could well have been Sept. or Oct. when this computer started slowing down. My anti-virus never showed anything so we thought all was well, until it just got too slow.
    I uninstalled the old Java and installed Java SE 6 Update 4. Installed Disable/Remove Windows Messenger. I could only disable it. When I clicked uninstall then apply I would get an error window (run-time error "429". ActiveX component can't create object). The computer is a little faster. Some things like "my pictures" open much faster. Shut down is faster but start-up is slow.
    I don't know if this helps but when I open spybot on this computer it takes 65 sec. and on my older computer it takes 22 sec. and it has a slower processor.
    Thanks, Jas456
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi Jas!

    You have a trojan and some odd files and some adware and a remnant of McAfee. I would like for you to remove and fix some things and then I would like to ask you to run a bulky, cumbersome scan by CounterSpy which should get rid of the entries you have for one particular piece of malware. By bulky, I mean the program is large and takes some time to download, and by cumbersome I mean it takes quite a while to run. It's a trial version and I will have you uninstall it when you're done. It's important to make sure it's set to fix everything it finds.

    First, please do the following:

    1) Go to Windows Explorer and find the following files / folder and delete them:

    C:\s2dk.2.zzz
    C:\s36c.4.zzz
    C:\Documents and Settings\Jess805558\Application Data\Viewpoint

    2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab

    After you click fix, just close hijackthis.

    3) Download and install Erunt. Use it to create a backup of your registry.

    4) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    5) Now run CCleaner.

    6) Download and run CounterSpy. If you've run this previously, you may not be able to download it.

    7) After you run Counterspy, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Counterspy log.

    Let me know how things are running now.

    abri
     
  9. Jas456

    Jas456 Private E-2

    Hi abri,
    You were right, CounterSpy took a lot of time to install and run. It didn't seem to find anything major (from what I can tell) but with the other deletes and CounterSpy my computer seems to have really improved. It seems about back to normal.
    Thanks, Jas456
     

    Attached Files:

  10. abri

    abri MajorGeek

    Hi Jas456

    Your comment about Counterspy made my day. LOL

    And now ...

    1) Please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

    - Sunbelt Counterspy <=== we don't need this anymore


    2) If you do not use Windows Messenger (not to be confused with either MSN Messenger or Messenger Live!!) I would like you to run
    Disable/Remove Windows Messenger

    3) See if you can find the following folders in Windows Explorer and if so, delete them. (you need to have already removed Sunbelt Counterspy via add/remove programs before you delete the folders!)

    C:\Documents and Settings\Extreme Electrical\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    4) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    5) Now run CCleaner at the default setting with the Windows Tab on top.


    6) Your logs are clean. If everything seems to be working, please continue with the final clean-up instructions. I don't remember seeing a firewall unless there's one provided by AOL/Yahoo. If you don't have one, it's a good idea. The Windows one is not adequate and being behind a router doesn't allow you to see the traffic yourself. Do take some time to read the "How to protect yourself from malware" thread at the end. Something you're doing brought all this stuff into your computer that CounterSpy got back out.


    abri
     
  11. Jas456

    Jas456 Private E-2

    Hi abri,
    It looks like everything is running fine (thank you). I have a couple of questions. We installed "ERUNT" for the reg. back-up; do I need to uninstall it? You also had found some odd files in C:\. We renamed some and then later deleted s2dk.2.zzz and s36c.4.zzz. There are about 70 files like this with no file type and 0 KB, all starting with "s". What should I do with these and also the other 2 files we renamed but did not delete? Should I rename them and see if everything works and then delete them, or just leave them as is?
    Again thanks for your help, Jas456
     
  12. abri

    abri MajorGeek

    Hi jas456,
    You can remove or keep Erunt as you like. It's an easy way to back up the registry.

    If nothing went wrong with those we already renamed and deleted, then you can just delete all of them.

    abri
     
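The extensionless zero-byte files in C:\ that the last two posts discuss (about 70 of them, names starting with "s") can be inventoried and quarantined the same reversible way abri did by hand, renaming with a .zzz suffix before deleting anything. This is an added example, not a script from the thread or from MajorGeeks; it assumes PowerShell 3.0 or later (for `Get-ChildItem -File`) and writes its inventory to a CSV on the Desktop so the creation dates can be checked against the question of when the slowdown began.

```powershell
# Added example (not from the thread): inventory and optionally quarantine the
# extensionless 0 KB files in the root of C:\ whose names start with "s".
# Default is a dry run; pass -Quarantine to rename each file to <name>.zzz,
# the same reversible step abri used before anything was deleted.
param(
    [string]$Root = 'C:\',
    [string]$Prefix = 's',
    [switch]$Quarantine
)

# -Force includes hidden/system files; -ErrorAction skips entries we cannot read.
$suspects = Get-ChildItem -LiteralPath $Root -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Extension -eq '' -and      # no file type at all
        $_.Length -eq 0 -and          # 0 KB, as described in the thread
        $_.Name -like "$Prefix*"      # names beginning with the prefix
    }

if (-not $suspects) {
    Write-Host "No extensionless zero-byte files starting with '$Prefix' found in $Root"
    return
}

# Record name, size and timestamps before touching anything, so the creation
# dates can be compared with when the machine first slowed down.
$report = Join-Path $env:USERPROFILE 'Desktop\suspect-files.csv'
$suspects |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Export-Csv -Path $report -NoTypeInformation
Write-Host "Wrote $($suspects.Count) entries to $report"

if ($Quarantine) {
    foreach ($f in $suspects) {
        $new = $f.Name + '.zzz'
        Rename-Item -LiteralPath $f.FullName -NewName $new
        Write-Host "Renamed $($f.FullName) -> $new"
    }
} else {
    $suspects | Format-Table Name, Length, CreationTime -AutoSize
    Write-Host "Dry run only; re-run with -Quarantine to rename these files to *.zzz"
}
```

Run it once without switches to review the list, reboot after quarantining, and only delete the .zzz files once everything still works, as the thread advises.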
