first post, help please

hi. first of all i'm not too great with computers... My main problems are the task manager, and regedit won't open...Or if they do, they close in 1 or 2 seconds... Also just that the computer is running overall much slower than it used to. Also not able to play games that it used to, runs MUCH slower overall. Hope I can fix these with some help
over the last couple weeks I've tried to do everything on the "read and run me first" page at http://forums.majorgeeks.com/showthread.php?t=35407...
I haven't seen much difference afterwards, other than maybe less pop-ups. I'll attatch what i'm supposed to, and if anyone can help it would be awesome

Also, when I tried the step with the getrunkey.bat file the first time... I got an error message something about "cannot open regedit"...or something like that, But tried later, after everything else..And it worked.

The uploading attatchments is taking really long for some reason... If the attatchments didn't work I'll try again a little later or put them on rapidshare or something
Cheers and thankyou

 

If you can attach the logs from the READ ME, if for some reason you can't upload one by one try compressing them in a ZIP file and attaching. If you still can't just paste the inline and I will convert for you.

 

here are those files... thanks for the help

Inline logs attached from ZIP file.

 

I attached your logs for you, however I still need a HijackThis log.

 

here is hijack this log as requested
thank you for the quick replies

 

First, please see this thread on Using SDFix

1. Now Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Once you have completed this post, attach the logs from both utilities along with a fresh Panda and HJT log.

 

i did the 2 sdfix and combofix, and attatched the logs.
Also attatched a new hijack this log.
But when I tried the panda scan again it didn't work anymore... I'll show a picture below. It just gets stuck on that screen. Hope the other logs will be enough.
http://img183.imageshack.us/my.php?image=pandascanrp3.jpg

 

See this thread: Running AVG Anti-Spyware

Once this scan is complete, reboot and attach the log from AVG with a fresh HJT log and we will begin a fix.

 

Here they are
Looking forward to the fixing

PS. I don't have to be in safe mode for running hijack this do I?

 

Download Pocket KillBox

• Save it to your desktop or a place easy to find.
• Do not run it yet

Please look in Add/Remove Programs for the following and uninstall them if found:

AVG Anti-Spyware

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R3 - URLSearchHook: (no name) - {1FC898A1-0067-71B3-487E-0E92485ED2CE} - C:\WINDOWS\system32\azkru.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=explorer.exe win32nls.exe

O2 - BHO: (no name) - {1FC898A1-0067-71B3-487E-0E92485ED2CE} - C:\WINDOWS\system32\azkru.dll (file missing)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: (no name) - {CDCD13FF-92D0-4036-9FCB-4A78EEC26B6C} - \
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O4 - HKLM\..\Run: [svidctlm] C:\WINDOWS\System32\svidctlm.exe
O4 - HKLM\..\Run: [wain_32t] C:\WINDOWS\System32\wain_32t.exe
O4 - HKLM\..\Run: [akdfzsde] C:\WINDOWS\System32\arrfnajb.exe
O4 - HKLM\..\Run: [MSWinSrv32] C:\WINDOWS\system32\MSWinSrv32.exe
O4 - HKLM\..\Run: [eplacer] C:\WINDOWS\System32\eplacer.exe
O4 - HKLM\..\Run: [Muzkco] C:\program files\ebpllrx\bliejdc.exe
O4 - HKLM\..\Run: [qtlddy] C:\WINDOWS\system32\ltdpxsp.exe
O4 - HKLM\..\Run: [Winnup] win32nls.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ewawavt] C:\WINDOWS\system32\qchlpu.exe r
O4 - HKCU\..\Run: [Olhycoq] C:\WINDOWS\system32\?ystem\w?auclt.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Raed] "C:\PROGRA~1\RACLE~1\ping.exe" -vt tzt
O4 - HKCU\..\RunOnce: [Winnup] win32nls.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\JORDAN\yahoo\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\JORDAN\yahoo\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

Next, run CCleaner to clean up cookies and temp files.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, REBOOT and proceed with the rest of this fix...

Next Reset Web Settings & Default Security Settings

To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

Note for IE 7 users:
Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Finished the instructions, and thankyou so much for helping me out. The task manager is now fixed, and i didn't break the computer in the process. the computer seems to be overall running a little quicker as well

One question: where it says to put system restore back on... Is it ok if I just leave it off? I have never had it on before. Would it be a good idea, and does it take up space on the computer or anything...

Thanks for the time and effort bjgarrick, great success!

 

I notice you have the "Messenger Plus! 3" installed, I would personally recommend uninstalling this as it contains some malware.

Also, have HJT fix the below entry...

After doing the above your log will be clean, are you having any further problems?

 

hi, i uninstalled the messenger 3 and fixed that one entry. the task manager is working and taht is great. Only games still dont run as fast as they probably should/ used to. I am thinking this is because of something else, like would you recommend a disk defragmentation or anything like that?
thanks

 

If you havn't defragmented in a while then yeah I would recommend doing so.

If you're going to run a defrag then I would try out Vopt XP 8.07

 

i've never done a defrag before.
thanks for all your help.

 

Ouch, then yeah I would recommend doing one. I would use Vopt simply because I think it does a great job, it's a trial so after 30 days you will have to buy or uninstall.

Just install it, then click "Defrag" at the top. Be sure you close everything possible as in processes because during a defrag your hard drive works it's butt off. If you've never defraged it will most likely take a while so it would be best to leave it running overnight.