Computer slowed down, CPU Usage rose.

So I woke up one morning, and Windows is telling me that my laptop has viruses. I'm not sure why, or how they got on, but my computer gradually got slower and slower each day, and it's really bothering me. It takes years for the computer to start-up (I used BootVis to fix that), applications take a while to load, and sound files lag and make scratching noises. This all happened about a week ago. I went through the Malware Removal Guide stickied, and here are my logs.

Please help!

 

Hi jasonhasviruses!
Welcome to Major Geeks!

Please do the following:

1) Install the current version of Sun Java from: Sun Java Runtime Environment

2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {63230C1C-CE2C-4BAD-8180-6D32E81E5234} - (no file)

After you click fix, just close hijackthis.

3) Download and install Erunt. Use it to create a backup of your registry.

4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

5) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log. Also, please let me know if you got a success message when you did the registry patch (regedit4).


Let me know how things are running now?

abri

 

I feel like nothing has changed. It still takes a million years for my video games to load up, where 2 weeks ago it only took like 2 seconds.

:cry

Here are my new logs, please help me!

EDIT: Yes I did get a success message when merging the fixME.reg file.

 

I just un-installed Spyware Doctor and AVG. My computer still runs slower than it used to.

I do use the BlueTooth service on my computer.

For the Ares thing, I don't need it to start-up when Windows starts up, and I don't use the chat-room service. Should I remove those in HijackThis?

 

Hi Jason,

The reason you're having problems is because there are some bad things on your computer. Please be patient.

There are 8 copies of Norton Internet Security in your uninstalls list and 10 Symantec services running. Nortons is a serious resource hog. Have you always been using it? Also, you have a keygen which means that there is a piece of illegal software somewhere on your computer and keygens are like an invitation to any kind of malware, because the people who put malware into your computer know that if you installed illegal software yourself, then you won't go to the police. You also have a bad driver. So. Let's continue as follows:

First of all, let's delete some bad files.

1) I want you to run Avenger as you did in post 2 only this time use the contents of this box:

2) Then run ATF Cleaner, also as you did in post 2.

3) You have a lot of music files which were downloaded on the 2nd of February. Can they go to a temporary storage device like a CD or DVD for now?

4) Next I would like for you to run the BitDefender online scan. This scan has to be run with Internet Explorer and your active X has to be enabled. It's a long scan (but a very good one) and will probably take one to two hours. Do not have it show all files. By default it will only show the infected files and those are the ones we want to see. Here are some instructions that will show you how to create a log we can use:

5) 8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log and the bdscan log.


Let me know how things are running now?

abri

 

Should I uninstall Norton Anti Virus? I remember all of my problems happening a few days after Norton told me I had to re-new it's subscription. I don't really need it.

I used BootVis to boost up my start-up speed. It literally used to take like 10 minutes, then it went a lot faster, around like 2 or less minutes now. Some forum told me to use it.

Enjoy the logs.

 

Hi jason,
There's a certain way to empty your Norton quarantine, which you need to do. follow the instructions in the Removing Files from Norton Antivirus Quarantine

If you decide to remove Symantec from your computer, you need to have an installation for another antivirus on your computer in a place where you can find it, so that you can install it as soon as the Nortons is out. To effectively remove Nortons, you need to first empty the quarantine bin as per the instructions above and then use the Norton Removal Tool (SymNRT)

If possible, only remove your antivirus when you are physically disconnected from the interenet. Then install the new one also while disconnected and finally reconnect and allow the new program to download all the most recent updates.

If you do not have another antivirus program in mind, you can find some suggestions in the thread How to Protect Yourself from Malware

Your logs are clean. I think if you change from Symantec to a combination of freeware listed in the How to Protect Yourself ... thread, that you'll find an improvement in your performance. Try that and let me know and be sure to empty the quarantine bin first.

Please do the following cleanup steps:

abri

 

Hi Jason,

Did you already complete all the deletion of the Norton quarantine files and of the Norton Security Suite?

I forgot to have you disable the Ares chat thing. To do this, you need to go back to the Windows XP Cleaning Procedure and download and reinstall the MGTools so you'll have HijackThis installed properly.

Next we need to remove some bad services, please follow the below…

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Ares Chatroom server
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.

• Now Click OK until you get back to Windows.
• Next, run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste AresChatServer into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

When you finish the above, please run CCleaner in the default setting with the Windows tab as the one on top.

I would like to see your MGTools log when you finish with this. To get this, run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip

Thanks.
abri

 

Are we leap-frogging here? Did you delete your post? I know I saw it! lol
No matter, though, because it gave me a chance to add the instructions for the Ares entry.
abri

 

I believe you edited my post to include instructions on how to get rid of the Ares Chatroom.

My post said that my brother told me to use Ad-Aware as my main Spyware remover thing. I also installed some of those freeware programs from your other post.

My computer still runs slower than it used to before all these virus things started popping up. Do you have any idea on what I should do? I really don't want to re-format my computer, I have way too much stuff to back-up for that kind of thing.

 

Hi Jason,
I didn't edit your post, but I saw a post of yours which disappeared while I was trying to answer it. It never came back. It's happened on a rare occasion that a post simply disappears and seems to be related to changes going on at the server. Anyway, I had posted you a set of instructions suggesting getting the Symantec software out of your computer and replacing it with some of the free things recommended in our How to protect yourself with malware. Then when I posted the second time, I gave you instructions for removing the Ares entry.

What I see now is no antivirus software at all. Please go to How to Protect Yourself from Malware and download and install one of the recommended antivirus programs.

After you've done this, I would like for you to run CCleaner at the default setting with the Windows tab as the one on top.

And when you finish running CCleaner, please transfer your My Documents folder to a cd, dvd or a flash drive. This one:
C:\Documents and Settings\J.DeLima\My Documents\

Let me know how your computer is running after this.
abri

 

Well, that's a drag. No wonder his was gone. :confused