Help My Computer is running very Slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by debeye, Nov 10, 2005.

  1. debeye

    debeye Private E-2

    Hi, My computer is running very slow. I completed 1-6 per the Read & Run Me First before Asking for Support. I'm running WinXP. My HijackThis log is posted below. Any help is greatly appreciated. Thanks! :)

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Nov 13, 2005
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Hello, debeye.

    Please do not copy and paste HijackThis logs into your post; always include the logs as attachments. The reason we ask this is because we do internet searches on some of the processes in the logs; and when they are copied and pasted into the post the search engines find these logs, making it much harder to obtain information on a running process we may not recognize.

    Your system is out of date, install SP2 once we have disinfected your system and run windows update to bring your system Up2Date.

    Please do the following:
    Make sure System Restore is OFF.

    How to view hidden, system files & folders!


    Searching for Hidden Files on WinXP

    Running Ewido Security Suite


    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

    Attach copies of the Ewido and WPFind Logs along with a fresh HijackThis log; after you have completed the above.
     
  3. debeye

    debeye Private E-2

    Thanks, I'll give it a try, however when I installed my wireless network last year Comcast told me not to install SP2 so I didn't. Will it screw up my network?
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    SP2 provides several security enhancements as well as closes several holes in the OS; without SP2 your system is at serious risk. Comcast most likely told you not to install SP2 because their software was not SP2 compatible at the time. Make sure you update all drivers and software before installing SP2.
     
  5. debeye

    debeye Private E-2

    Should I have Windows Explorer and System checked in CCleaner when I run it?
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run CCleaner with the default settings, don't change anything.
     
  7. debeye

    debeye Private E-2

    I followed your instructions. Attached please find the Ewido report. Please let me know what to do next. Thanks so much for your help.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post the WPFind log.
     
  9. debeye

    debeye Private E-2

    WinPfind is attached. Should I install SP2 and get updates now? Installing SP2 is fairly involved isn't it? I have a disk from Microsoft I can use.
    Thanks for your help. I really appreciate it.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post a fresh HijackThis log as an Attachment.
     
  11. debeye

    debeye Private E-2

    Fresh HijackThis log.
    Thank you.
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    According to your log you have both AVG and Norton installed; pick one and uninstall the other.

    Download
    - Pocket Killbox

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to FreezeScreenSaver ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    FreezeScreenSaver

    Now scan and have HJT Fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  13. debeye

    debeye Private E-2

    Should I do all this in normal or safe mode? Should I have Sys Restore turned off?
     
  14. debeye

    debeye Private E-2

    Fresh HJT file attached.
     

    Attached Files:

  15. debeye

    debeye Private E-2

    When I scanned with HJT I couldn't locate O23 - Service: FreezeScreenSaver in the list. However when I searched for it in files and folders it was there under C:\WINNT\Prefetch
    Should I delete it from there?
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Now scan and have HJT Fix the following:
    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  17. debeye

    debeye Private E-2

    Shadow Puter Dude,
    I ran HJT and checked the boxes for all the programs you listed then rebooted in SAFE MODE but none of the files you listed were there to delete. I couldn't locate C:\WNDOWS\Prefetch either. There is a C:\WINNT\Prefetch however. I don't understand why the files HJT should have fixed are still there, do you?
    Thank you!
     

    Attached Files:

  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please make sure System Restore is OFF.

    Make sure you have done the following:
    How to view hidden, system files & folders!

    Searching for Hidden Files on WinXP

    Download and install
    - ExplorerXP

    Now scan and have HJT Fix the following:
    Now run ExplorerXP that you installed earlier, navigate to and delete the following:
    Now boot into SAFE MODE

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINNT\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  19. debeye

    debeye Private E-2

    Attached please find the latest HJT post. Yes my Sys Restore is Off and view hidden, system files and folders is per your instructions. I am following every instruction to a T.
    I did delete C:\WINNT\Prefetch and now my computer is slower than ever. I was seeing some improvement before that.
    Please help.
    Thank you.
     

    Attached Files:

  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download the following two files, create a folder on your desktop, and call it TSC. Save these 2 files there!

    Sysclean Package

    Pattern.zip


    Unzip Pattern.zip, then delete the zip file.

    Once you have these downloaded into the folder you just created, REBOOT INTO SAFE MODE!

    Once in Safe Mode, double click the file sysclean.com; when system cleaner loads, click SCAN to start the scanner.
     
  21. debeye

    debeye Private E-2

    I ran Spyclean but I wasn't sure what the next step is now. I attached a fresh HJT in case you want to see. Please let me know what the next step is.
    Thank you.
     

    Attached Files:

  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I'm sorry, I forgot to tell you to post the HijackThis log. Those lines are still there.

    Please download Spy Sweeper


    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  23. debeye

    debeye Private E-2

    Spysweeper.txt and fresh HJT files attached.
    Thank you.
     

    Attached Files:

  24. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Now Download the Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:

    eVHGQ
    aejluvqy
    pphelpa
    3H88PM65QL#ZKF
    AutoLoaderu0ov1PbgaOPM
    u77T35e
    fwo3RRKql

    Press 'OK'

    The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and post in this thread. If it is very long, an attachment would be better.
     
  25. debeye

    debeye Private E-2

    I suspect I was supposed to run each one separately b/c I didn't understand how to run them together. Please find a post for each one in the attachment.
    Thank you.
     

    Attached Files:

  26. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy and Paste the contents of the below quote box into Notepad and Save As RegFix.reg to your Desktop:
    Now double-click on RegFix.reg and answer Yes when asked if you want to merge with the registry.

    Now reboot your computer and post a fresh HijackThis log.
     
  27. debeye

    debeye Private E-2

    Done, my computer would not reboot. I had to unplug it to reboot. Fresh HJT file attached. What's next?
    Thank you.
     

    Attached Files:

  28. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  29. debeye

    debeye Private E-2

    I started this latest process before I left for work this morning. I noticed shortly after it started clean up my screen went blank. The CPU power light was still lit as was the monitor. I hit the space bar and shook the mouse a bit hoping it would come back but nothing did. What should I do if when I get home it looks the same?
    Thank you.
     
  30. debeye

    debeye Private E-2

    smitfiles.txt attached.
    Thank you.
     

    Attached Files:

  31. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments.

    Also post a Fresh HijackThis log.
     
  32. debeye

    debeye Private E-2

    Panda and Qoologic post attachments per your instructions. I will attach the other two in a separate post as it will only allow me to post two at a time.

    I sure hope we're getting close. I appreciate your help.
    What's next?
     

    Attached Files:

  33. debeye

    debeye Private E-2

    RKTool post and a fresh HJT
    Again, Thank you!
     

    Attached Files:

  34. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Boot to Safe Mode.

    Open Windows Explorer navigate to and delete the following:
    Let me know when you have done that.
     
  35. debeye

    debeye Private E-2

    Shadow,
    I could only locate 3 of the files you listed, 1, 5 and 6. The other files are not there.
    Thank you. Have a nice day.
     
  36. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall Ewido Security Suite and Spy Sweeper as they may be interfering with the fixes.

    Please run this uninstaller - Nail Uninstaller

    Follow the instructions in this thread:
    Look2Me VX2 Removal


    Post all logs from above and a fresh HijackThis log when finished.
     
  37. debeye

    debeye Private E-2

    My computer locked up for several hours after running I2mfix.bat #2. I finally had to unplug it to restart. I was able to run #1 though.
    I didn't get any error messages so I don't understand what went wrong.
    Thanks.
     

    Attached Files:

  38. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Start HijackThis, click on the 'Open the Misc Tools section' button, click on the 'Open Uninstall Manager...' button, click on the 'Save list...' button. Save the list to your desktop and attach to your next post.
     
  39. debeye

    debeye Private E-2

    Uninstall list attached.
    Thank you.
     

    Attached Files:

  40. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Viewpoint Manager (Remove Only) <--- Uninstall, not needed
    Viewpoint Media Player <--- Uninstall, not needed
    Web Search Tools Contextual Ads <---- Do you Recognize this, if not uninstall
    Web Search Tools Search Assistant <---- Do you Recognize this, if not uninstall
    Web Search Tools Search Button <---- Do you Recognize this, if not uninstall
     
  41. debeye

    debeye Private E-2

    I uninstalled all the programs you listed. A fresh uninstall list is attached. What do we do next?
    Norton's keeps asking me to update definitions. Does that have something to do with what we've been doing?
    Thank you.
     

    Attached Files:

  42. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, update your Norton Definitions.

    Post a fresh HijackThis log.
     
  43. debeye

    debeye Private E-2

    A fresh HJT log is attached. I see some of those files are still there. I still have my sys restore turned off. Is that safe? My computer seems to be running faster. I updated Norton but even after I update sometimes it continues to prompt to update. Maybe that was because I was deleting so many files?
    What do we do next?
    Again, thank you very much for all your help. I really appreciate it. :)
     

    Attached Files:

  44. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  45. debeye

    debeye Private E-2

    I ran Blacklight, it said Scan Complete, No Hidden Items Found.
     
  46. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    PRINT THESE INSTRUCTIONS OUT FOR USE WHILE NOT CONNECTED TO THE INTERNET.


    Disconnect from the internet. Physically disconnect the LAN cable from the ethernet card.

    Now scan and have HJT Fix the following:
    Now physically pull the power plug from the computer. YES, I said pull the plug. We want to avoid a clean shut down.

    Plug the cord in and power up your computer boot to SAFE MODE.

    Now run Windows Explorer, navigate to and delete the following:
    Run CCleaner and delete the contents of the Prefetch folder.

    Reboot to NORMAL MODE and post a fresh HijackThis log.
     
  47. debeye

    debeye Private E-2

    I followed all your instructions. A fresh HJT file is attached. When I went into Windows Explorer I couldn't find the files.
     

    Attached Files:

  48. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, we are going to work through the rest of these one at a time, Starting with HuntBar.

    Reboot to Safe Mode.

    Remove the Startup Entries in the Registry

    • Click on Start, Run, Type REGEDIT and Click OK

    • Click the pluses(+) next to the following items
      • HKEY_LOCAL_MACHINE
      • Software
      • Microsoft
      • Windows
      • CurrentVersion
      • Run

    • Right-Click on the file WinTools and click DELETE
    • Click the pluses(+) next to the following items
      • HKEY_LOCAL_MACHINE
      • Software
      • Microsoft
      • Windows
      • CurrentVersion
      • RunServices

    • Right-Click on the file WinTools and click DELETE
    • Close REGEDIT
    Run HiJackThis (while in Safe Mode) and Delete: (May have already been deleted from above)

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

    Delete the WinTools folder and all associated files

    • Open My Computer, Drive C, Program Files, Common Files
    • Right-click on the WinTools folder (if it exists) and Delete it
    Download
    - Hoster
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
    Reboot to Normal Mode. Run HijackThis and post the log.
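
Added example, not part of the thread or any participant's post: a small Python check of whether the autostart entries targeted above are really gone from a fresh HijackThis log, comparing the O4 lines of a "before" and an "after" log. Both sample logs are constructed, and the `ExampleUpdater` and `ExampleNew` entries and the placeholder path are assumptions made for illustration.

```python
import re

# Format of an O4 (autostart) line, taken from the line quoted in the post above:
#   O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return the set of (hive, key, value name, command) autostart entries."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add((m["hive"], m["key"], m["name"], m["cmd"]))
    return entries

def compare_logs(before, after, targets):
    """Compare two logs; targets are the value names that were to be deleted."""
    wanted = {t.lower() for t in targets}  # registry value names ignore case
    old, new = parse_o4(before), parse_o4(after)
    return {
        # targeted entries that disappeared between the two logs
        "removed": sorted(e for e in old - new if e[2].lower() in wanted),
        # targeted entries still present: the fix did not take for these
        "persisting": sorted(e for e in new if e[2].lower() in wanted),
        # entries that only exist in the later log: worth a closer look
        "new": sorted(new - old),
    }

# Constructed sample logs (not taken from the attachments in this thread).
BEFORE = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PLACEHOLDER\path.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

AFTER = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\RunServices: [WinTools] C:\PLACEHOLDER\path.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [ExampleNew] C:\Program Files\Example\new.exe
"""

if __name__ == "__main__":
    for status, entries in compare_logs(BEFORE, AFTER, ["WinTools"]).items():
        for hive, key, name, cmd in entries:
            print(f"{status:10} {hive}\\..\\{key} [{name}] {cmd}")
```
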
     
  49. debeye

    debeye Private E-2

    Fresh HJT file attached.
     

    Attached Files:

  50. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please download PeperFix.exe from here:

    http://downloads.subratam.org/PeperFix.exe

    This tool is most effective when it is run in Safe Mode.

    Once in Safe Mode, run PeperFix.exe, and click Find and Fix twice. It should find all files related to the trojan and fix them.

    Run PeperFix again.

    Run HijackThis and fix the following:
    Next use Windows Explorer to navigate to these locations and delete the files in bold if they are still there:
    Now reboot to Normal Mode. Run HijackThis and post a fresh log.
     
